Input Validation Vulnerabilities in Web Applications: Systematic Review, Classification, and Analysis of the Current State-of-the-Art

Faris Faisal Fadlalla,Huwaida T Elshoush

doi:10.1109/access.2023.3266385

Faris Faisal Fadlalla, Huwaida T Elshoush

Open Access

https://doi.org/10.1109/access.2023.3266385

Copy DOI

Journal: IEEE Access	Publication Date: Jan 1, 2023
Citations: 2	License type: CC BY-NC-ND 4.0

Affiliation: University of Khartoum

Abstract

In recent years, huge increase in attacks and data breaches is noticed. Most of the attacks are performed and focused on the vulnerabilities related to web applications. Hence, nowadays the mitigation of application vulnerabilities is an ignited research area. Thus, due to the potential high severity impacts of web application, many different approaches have been proposed in the past decades to mitigate the damages of application vulnerabilities. Static and dynamic analysis are the two main techniques used. In this paper, a new classification for web application input validation vulnerabilities is proffered. In addition, various techniques/tools that are used to detect them are analyzed and evaluated to apprehend their strengths and weaknesses. Thus, this paper provides both technical as well as literature countermeasures to input validation vulnerabilities. Moreover, various statistical distributions of the reviewed techniques were manifested and scrutinize in different aspects to reveal the perception of the prevailing techniques and the gaps in the literature. In addition, the most widespread metrics are also propounded.

Full Text