Abstract

Strong security in web applications is critical to the success of your online presence. The importance of security has grown massively, especially for web applications. Dealing with web application or website security issues requires deep insight and planning, not only because of the many tools that are available but also because of the immaturity of the industry. Thus, finding the proper tools requires deep understanding and several steps, including analyzing the development environment, the business needs, and the complexity of the web applications. In this paper, we describe the architecture of web applications, then list and evaluate the widespread security vulnerabilities. Those vulnerabilities are: Insufficient Transport Layer Protection, Information Leakage, Cross-Site Scripting, and SQL Injection. In addition, this paper analyzes the tools that are used to scan for these widespread vulnerabilities in web applications. Finally, it evaluates the tools against these security vulnerabilities and gives recommendations to the users and administrators of web applications, aiming to educate them.

Highlights

  • Most businesses depend on the power of websites to interact with their customers and sell products

  • This paper studies the underlying structure of web applications in order to understand web application vulnerabilities

  • The causes of Cross-Site Scripting, SQL Injection, and HTTP Response Splitting vulnerabilities are design errors, while Information Leakage, Insufficient Transport Layer Protection, and Fingerprinting are often caused by insufficient administration


Summary

Introduction

Most businesses depend on the power of websites to interact with their customers and sell products. Most web applications interact with back-end databases, so those valuable services are targeted by attacks. As a result, those threats may compromise the security of web applications by breaching an enormous amount of information, which could lead to severe economic losses or cause damage. Real-world websites are complex systems that exchange and integrate data with other systems and store and process data in many different places. In other words, they consist of a number of different components and technologies, including the web browser and client-side tools (such as JavaScript and Flash) as well as the web server and server-side application development tools (Curphey & Arawo, 2005). The bad news is that there are a number of people out there who are testing your web application as well, but with a different intent: they check your web server to see if it is vulnerable to unpatched flaws (Dhanjani & Clarke, 2006).

Understand How Web Applications Work
Common Web Application Vulnerabilities and Security Tools
Fingerprinting Vulnerability
BlindElephant
Httprint
WhatWeb
Insufficient Transport Layer Protection Vulnerability
Qualys SSL Labs
Inspect server configuration in three categories
Information Leakage Vulnerability
Netcraft
HTTP Splitting Vulnerability
AppScan
Cross-Site Scripting Vulnerability
XSS Server
Cross Site Scripter "XSSer"
OWASP Xenotix XSS
SQL Injection Vulnerability
SQL Inject-Me
SQLninja
Comparison and Evaluation of Security Tools
Policy and Recommendations
Insufficient Transport Layer Protection
Fingerprinting
Information Leakage
HTTP Splitting
Findings
Conclusions