Application Vulnerabilities Research Articles

Understanding Penetration Testing for Evaluating Vulnerabilities and Enhancing Cyber Security

In response to the increasing incidence of cyber-attacks, organizations are prioritizing security testing for their software applications and products. Among the most effective methods for identifying vulnerabilities is penetration testing, which involves simulated attacks on systems to uncover weaknesses that could be exploited by malicious actors. This method not only aids in identifying and remediating security flaws but also evaluates a system's ability to withstand unexpected threats. This paper provides an in-depth exploration of penetration testing, detailing its stages, methodologies, and the role of web application firewalls. A penetration test systematically assesses the security of IT infrastructures by exploiting vulnerabilities in systems, applications, and user behaviours. The findings from these tests are essential for IT management, guiding strategic decisions and prioritizing remediation efforts. Ultimately, the primary aim of penetration testing is to evaluate the risk of a system breach and its potential impact on organizational resources and operations.

Perbandingan Evaluasi Kerentanan Menggunakan Tenable Nessus Scanner dan Owasp Zed Attack Proxy untuk Meningkatkan Keamanan Sistem Informasi Kepegawaian di Universitas Merdeka Malang

This study aims to compare the vulnerability analysis between Tenable Nessus Scanner and OWASP Zed Attack Proxy (ZAP) for improving the security of the Human Resource Information System (HRIS) website at Universitas Merdeka Malang. The research methodology includes the use of both Nessus and OWASP ZAP tools to scan the HRIS website for potential vulnerabilities. The findings of this research indicate that OWASP ZAP identified several critical web application vulnerabilities such as the absence of Anti-CSRF tokens, lack of Content Security Policy (CSP) headers, and missing Anti-Clickjacking headers, which are essential for maintaining the security and integrity of user data. On the other hand, Nessus Scanner focused more on network and server infrastructure vulnerabilities. The results suggest that OWASP ZAP is more effective for web application security in this context. Recommendations are provided to address the identified vulnerabilities and enhance the overall security of the HRIS website.

OWASP A03 Injection Vulnerability in Web Application Development

Web applications are crucial for businesses and individuals by providing efficient communication, collaboration, and access to services and information via browsers, boosting connectedness, productivity, and creativity in the digital era. Insecure web applications pose risks of data breaches, malware, and unauthorized access which jeopardize user privacy, trust, and organizational security. Web developers must be knowledgeable and prepared to deal with common vulnerabilities in web applications. A prototype web application (https://webriska3.tech) with lesson and editor module is developed to train web developers on the Open Web Application Security Project (OWASP) Top Ten security risks, focusing on A03 - Injection vulnerability. OWASP A03 Injection vulnerability is one of the most common vulnerabilities that is at the heart of any database-driven web applications. Evaluation on the prototype in improvement knowledge on A03 – Injection vulnerability, testers are recruited to complete two coding tasks in laboratory environment. 80% of testers mastered Output escaping/encoding defensive technique while Prepared statement/Parameterized Query defensive technique is the hardest to master. The prototype obtained average System Usability Scale (SUS) score of 57 that is below average, indicating issues with the prototype interface. This work showed promising results of increase understanding on A03 Injection vulnerability and implementation skills to protect web application against attack and exploitations.

A fine-grained approach for Android taint analysis based on labeled taint value graphs

Static taint analysis is a widely used method to identify vulnerabilities in Android applications. However, the existing tools for static analysis often struggle with processing times, particularly when dealing with complex real-world programs. To reduce time consumption, some tools choose to sacrifice analytical precision, e.g., FastDroid sets an upper limit for analysis iterations in Android applications. In this paper, we propose a labeled taint value graph (LTVG) to store taint flows, and implement a fine-grained analysis tool called LabeledDroid. This graph is constructed based on the taint value graph (TVG) of FastDroid, and takes into account both precision and time consumption. That is, we decompile an Android app into Jimple statements, develop fine-grained propagation rules to handle List, and construct LTVGs according to these rules. Afterwards, we traverse LTVGs to obtain high-precision taint flows. An analysis of 39 apps from the TaintBench benchmark shows that LabeledDroid is 0.87 s faster than FastDroid on average. Furthermore, if some common accuracy parameters are adapted in both LabeledDroid and FastDroid, the experiment demonstrates that the former is more scalable. Moreover, the maximum analysis time of LabeledDroid is less than 200 s and its average time is 46.25 s, while FastDroid sometimes experiences timeouts with durations longer than 600 s. Additionally, LabeledDroid achieves a precision of 70% in handling lists, while FastDroid and TaintSA achieve precisions of 38.9% and 41.2%, respectively.

NOVEL STUDY ON ETHICAL HACKING AND VULNERABILITY TESTING

Ethical hacking and vulnerability testing represent critical components of modern cybersecurity strategies, aimed at proactively identifying and mitigating potential security threats within organizational systems and networks. Ethical hacking, also known as penetration testing, involves authorized attempts to exploit vulnerabilities in systems, applications, or networks, mirroring the tactics of malicious actors. This proactive approach allows organizations to uncover weaknesses before they are exploited by cybercriminals, thereby strengthening overall security posture. Vulnerability testing complements ethical hacking by systematically assessing systems for known vulnerabilities and configuration errors, providing insights into areas requiring remediation. Together, these practices enable organizations to assess, prioritize, and address security risks effectively, safeguarding sensitive data, maintaining regulatory compliance, and preserving business continuity. This article explores the principles, methodologies, and benefits of ethical hacking and vulnerability testing, emphasizing their role in enhancing cybersecurity resilience in an increasingly interconnected digital landscape. Keywords: Cybersecurity, Ethical Hacking, Mitigation, Networks, Penetration Testing, Security Threats, Systems, Testing, Vulnerabilities.

Comprehensive review of machine learning models for sql injection detection in e-commerce

With the steady expansion of online commerce, e-commerce sites have become increasingly attractive targets for hackers. These sites serve millions of customers and often hold valuable, confidential, and sometimes financial information in their databases. One particularly dangerous type of attack is SQL injection, which exploits vulnerabilities in web applications to influence backend databases, posing significant threats to such platforms. Traditional defenses like desktop firewalls, input validation, and parameterized queries provide some level of protection but are often insufficient against newer injection variations and sophisticated attackers. The utilization of machine learning to enhance cybersecurity against more advanced threats has been demonstrated as a promising approach. This systematic review examines how various machine learning algorithms are applied to detect SQL injection attacks that could potentially harm e-commerce systems. By identifying and analyzing the relevant literature, this review highlights the effectiveness of different algorithms and their practical applications in enhancing the security of online commerce platforms. More specifically, five techniques were assessed on both real and synthetic datasets: Logistic Regression, Naive Bayes, Random Forest, Artificial Neural Network, and two combined models (Logistic Regression & Naive Bayes, and Artificial Neural Network & Random Forest). The findings indicate that Random Forest performed better than other algorithms in the decision tree family, attributed to its ability to balance precision and recall effectively. However, limitations such as using a single dataset and the computational complexity of some models were noted. This review provides insights for practitioners on selecting appropriate detection models and outlines approaches to address current limitations through future work. Addressing these limitations could involve using more diverse datasets, optimizing computational efficiency, and exploring advanced ensemble methods and neural network architectures.

Introducing Security Mechanisms in OpenFog-Compliant Smart Buildings

Designing smart building IoT applications is a complex task. It requires efficiently integrating a broad number of heterogeneous, low-resource devices that adopt lightweight strategies. IoT frameworks, especially if they are standard-based, may help designers to scaffold the applications. OpenFog, established as IEEE 1934 standard, promotes the use of free open source (FOS) technologies and has been identified for use in smart buildings. However, smart building systems may present vulnerabilities, which can put their integrity at risk. Adopting state-of-the-art security mechanisms in this domain is critical but not trivial. It complicates the design and operation of the applications, increasing the cost of the deployed systems. In addition, difficulties may arise in finding qualified cybersecurity personnel. OpenFog identifies the security requirements of the applications, although it does not describe clearly how to implement them. This article presents a scalable architecture, based on the OpenFog reference architecture, to provide security by design in buildings of different sizes. It adopts FOS technologies over low-cost IoT devices. Moreover, it presents guidelines to help developers create secure applications, even if they are not security experts. It also proposes a selection of technologies in different layers to achieve the security dimensions defined in the X.805 ITU-T recommendation. A proof-of-concept Indoor Environment Quality (IEQ) system, based on low-cost smart nodes, was deployed in the Faculty of Engineering of Vitoria-Gasteiz to illustrate the implementation of the presented approach. The operation of the IEQ system was analyzed using software tools frequently used to find vulnerabilities in IoT applications. The use of state-of-the-art security mechanisms such as encryption, certificates, protocol selection and network partitioning/configuration in the OpenFog-based architecture improves smart building security.

Revealing the exploitability of heap overflow through PoC analysis

The exploitable heap layouts are used to determine the exploitability of heap vulnerabilities in general-purpose applications. Prior studies have focused on using fuzzing-based methods to generate more exploitable heap layouts. However, the exploitable heap layout cannot fully demonstrate the exploitability of a vulnerability, as it is uncertain whether the attacker can control the data covered by the overflow. In this paper, we propose the Heap Overflow Exploitability Evaluator (Hoee), a new approach to automatically reveal the exploitability of heap buffer overflow vulnerabilities by evaluating proof-of-concepts (PoCs) generated by fuzzers. Hoee leverages several techniques to collect dynamic information at runtime and recover heap object layouts in a fine-grained manner. The overflow context is carefully analyzed to determine whether the sensitive pointer is corrupted, tainted, or critically used. We evaluate Hoee on 34 real-world CVE vulnerabilities from 16 general-purpose programs. The results demonstrate that Hoee accurately identifies the key factors for developing exploits in vulnerable contexts and correctly recognizes the behavior of overflow.

Timing Side-Channel Mitigation via Automated Program Repair

Side-channel vulnerability detection has gained prominence recently due to Spectre and Meltdown attacks. Techniques for side-channel detection range from fuzz testing to program analysis and program composition. Existing side-channel mitigation techniques repair the vulnerability at the IR/binary level or use runtime monitoring solutions. In both cases, the source code itself is not modified, can evolve while keeping the vulnerability, and the developer would get no feedback on how to develop secure applications in the first place. Thus, these solutions do not help the developer understand the side-channel risks in her code and do not provide guidance to avoid code patterns with side-channel risks. In this paper, we present Pendulum , the first approach for automatically locating and repairing side-channel vulnerabilities in the source code, specifically for timing side channels. Our approach uses a quantitative estimation of found vulnerabilities to guide the fix localization, which goes hand-in-hand with a pattern-guided repair. Our evaluation shows that Pendulum can repair a large number of side-channel vulnerabilities in real-world applications. Overall, our approach integrates vulnerability detection, quantization, localization, and repair into one unified process. This also enhances the possibility of our side-channel mitigation approach being adopted into programming environments.

Finding Vulnerability in Web Application by using Pentesting

Penetration testing, a proactive security measure, is indispensable in fortifying the resilience of web applications against cyber threats. This project explores the efficacy of penetration testing as a means to identify and mitigate vulnerabilities within web applications. By simulating real-world attacks, penetration testing uncovers potential weaknesses in the application’s architecture, codebase, and configurations. Through a systematic approach encompassing reconnaissance, vulnerability analysis, exploitation, and reporting, penetration testing provides invaluable insights for organizations to patch vulnerabilities and bolster their overall security posture. The abstract briefly describes the methodology involved in penetration testing and highlights its significance in mitigating risks and fortifying the security posture of web applications. This project examined further into the effectiveness of penetration testing as a preventative security strategy, uncovering vulnerabilities such as SQL injection and cross-site scripting. The investigation found subtle vulnerabilities in the online application’s architecture, programming, and customizations by painstakingly modeling actual cyberattacks. This thorough investigation gave firms a solid platform on which to strengthen their defenses against changing cyberthreats. The study also demonstrated how crucial penetration testing is for both finding vulnerabilities and enabling quick repair measures. Through thorough reporting, exploitation simulations, vulnerability analysis, and in-depth reconnaissance, the study demonstrated how penetration testing provides useful insights to improve online applications’ overall security posture. In the end, this project emphasizes how crucial penetration testing is to improving the robustness of web applications

Smart contract vulnerability detection using wide and deep neural network

Smart contracts, integral to blockchain technology, automate agreements without intermediaries, ensuring transparency and security across various sectors. However, the immutable nature of blockchain exposes deployed contracts to potential risks if they contain vulnerabilities. Current approaches, including symbolic execution and graph-based machine learning, aim to ensure smart contract security. However, these methods suffer from limitations such as high false positive rates, heavy reliance on trained data, and over-generalization.The goal of this paper is to investigate the application of Wide and Deep Neural Networks in identifying vulnerabilities within smart contracts. We introduce WIDENNET, a method based on deep neural networks, designed to detect reentrancy and timestamp dependence vulnerabilities in smart contracts. Our approach involves extracting bytecodes from the contracts and converting them into Operational Codes (OPCODES), which are then transformed into distinct vector representations. These vectors are subsequently fed into the neural network to extract both complex and simple patterns for vulnerability detection. Testing on real-world datasets yielded an average accuracy of 83.07% and a precision of 83.13%. Our method offers a potential solution to mitigate vulnerabilities in blockchain applications.

Adopting security practices in software development process: Security testing framework for sustainable smart cities

The dependence on smart city applications has expanded in recent years. Consequently, the number of cyberattack attempts to exploit smart application vulnerabilities significantly increases. Therefore, improving smart application security during the software development process is mandatory to ensure sustainable smart cities. But the challenge is how to adopt security practices in the software development process. There are Several established and mature security testing frameworks exist that consider security requirements and testing during Several already established and mature security testing frameworks exist that consider security requirements and testing during Software Development Life Cycle (SDLC), but there is a unique challenges posed by smart city applications and the need for a comprehensive approach to address the evolving threat landscape in this context. This paper proposed a framework that adopts security testing practices in all phases of the software development process. The proposed framework identifies several security activities and steps that can be applied in each phase of the software development process.

Website Penetration Analysis Against XSS Attacks using Payload Method

This research aims to analyze the effectiveness of various penetration testing methods in identifying and mitigating XSS (Cross-Site Scripting) vulnerabilities in web applications. XSS is a type of web security attack that takes advantage of weaknesses in web applications to insert malicious code into web pages displayed to users. This attack can steal user data, take over user sessions, or spread malware. This research uses a penetration testing method with a black-box approach, where the researcher does not know the construction of the system being tested. Tests were conducted on 10 random websites, including 5 open-source websites and 5 commercial websites. The test results show that the payload method used is effective in exploiting XSS vulnerabilities on some websites. Of the 10 websites tested, 6 of them were successfully exploited using different payload methods. This research highlights the importance of using open-source penetration testing tools in detecting and addressing security vulnerabilities in web applications. These tools are easy to implement, supported by extensive documentation, and have a strong community. This research also emphasizes the importance of a deep understanding of how penetration testing tools work to identify and address security vulnerabilities. To address XSS vulnerabilities, this research recommends good programming techniques such as programming language updates, use of OOP (Object-Oriented Programming), MVC (Model-View-Controller) concepts, and use of frameworks. Further research can be done to develop and test new payload methods, explore the use of other penetration testing tools, and test security vulnerabilities in other types of web applications.

Опыт проведения киберучений с использованием разработанного сценария

The threat of cyber attacks has become a serious problem for organizations, the solution of which also lies in the plane of modeling scenarios of possible attacks using digital twin technologies. A cyber polygon based on the AMPIRE software suite is used to study the impact of cyber threats. The attacker's scenario includes the use of various tactics and vulnerabilities, such as active scanning, provisioning, vulnerabilities in public applications, malicious links and files, and compromising domain user accounts. The vector of the malicious attack is related to the tactics, techniques and procedures of the Mitre ATT&CK matrix. Vulnerabilities include the wpDiscuz plugin, Zerologon, and the consequences of using Wordpress Shell and gaining unauthorized access. The ongoing intercollegiate cyber exercises have revealed strengths and weaknesses that need to be taken into account when conducting the following events. Scenario testing with the participation of universities showed the effectiveness of the complex in assessing the time required to close vulnerabilities and eliminate consequences. Implementation of different scenarios with specialized functionality at the cyber polygon makes it possible to form practical skills to prevent attacks on computer networks, and also allows you to analyze the situation, interact with other participating specialists.

Evaluasi Risiko Celah Keamanan Aplikasi E-Office menggunakan Metode OWASP

Based on data from Badan Siber dan Sandi Negara (BSSN) in 2022, it was reported that a total of 1,950 security vulnerabilities were found in 457 electronic systems across various applications widely used by the public. The purpose of this research is to evaluate the risk of existing security vulnerabilities in the E-Office application and determine the level and impact that these vulnerabilities can cause. This research focuses on information system security, specifically evaluating the risk of security vulnerabilities in the E-Office application of the Ogan Ilir Regency. The research was conducted using the Open Web Application Security Project (OWASP) method with a risk rating assessment. The research process began with a literature review to gather data and information sources, determine the scope and research objectives, test, identify security vulnerabilities, analyze security vulnerabilities, and the results of the analysis. The research subject is the E-Office application of Ogan Ilir Regency, with the object of the research being the security vulnerabilities in that application. OWASPZap was used as a tool to obtain data on security vulnerabilities, and using OWASPZap, 38 security vulnerabilities were found, with 18 of them meeting the criteria of the OWASP Top 10. Our findings indicate that the security vulnerabilities in the E-Office application of Ogan Ilir Regency include vulnerabilities in authentication levels, access control, configuration, and data validation processes.

Mengoptimalkan Implementasi UU No. 27 Tahun 2022 Dengan Penetration Test Dan Vulnerability Assessment Pada Kasus Pembobolan Data Aplikasi Dana

Data security in digital financial applications such as mobile banking, e-wallets, and online payment services is very important. However, there are many security risks lurking. Irresponsible parties can exploit security gaps to steal personal information. The ITE Law regulates the limitations, obligations, and responsibilities of parties involved in electronic systems, including service providers, data managers, and users as well as sanctions for cybercriminals. One of the main weaknesses in a financial application is the lack of strict and consistent security standards. Due to the many acts of cybercrime, it is important for companies to take preventive measures, one of which is through Vulnerability Assessment and Penetration Testing (VAPT). VAPT can help identify and fix vulnerabilities in applications before they are exploited by cybercriminals

Application of the OWASP Framework to Identify and Remediate Vulnerabilities in Java Web Applications

Application of the OWASP Framework to Identify and Remediate Vulnerabilities in Java Web Applications

Assessment of vulnerability of Server-side Web Application and prevention of their manifestation.

The vulnerability of the system (technological, communication) of the cyber protection object to negative technical impact is always based on the exploitation of its defects. Defect is a property of software, hardware, software-hardware or system components, which under certain conditions can lead to vulnerability. Attack – an attempt to exploit a defect(s) of the system (object of cyber protection) for the implementation of a negative technical effect (unauthorized reading/writing of data, incorrect operation, circumvention of protective mechanisms, abnormal consumption of resources; execution of imposed commands, etc.) under the manifestation of vulnerability using an exploit (exploit). The appearance of defects is inherent in all stages of the system (cyber protection object) life cycle. Thus, defects are distinguished at the design stage, implementation, adjustment during commissioning, maintenance, and completion of work. The existence of at least one defect in the components of the system, which allows a negative technical effect, makes it vulnerable. Timely detection and elimination of defects reduces the probability of system compromise using at least known exploits. The expediency, rationality and reasonableness of solutions for finding defects is based on the application of proven sources of world-class expert experience. Thus, Adversarial Tactics, Techniques & Common Knowledge defines Server-side Web Application class systems as an attractive attack target for hackers with the highest average number of potential defects in at least three components: Web Server, Web Application Server, DBMS Server. To find out the distribution of Server-side Web Application defects by characteristic classes, it is necessary to use the Open Worldwide Application Security Project, for a detailed study of them - Common Weakness Enumeration. The application of the National Vulnerability Database and Common Vulnerabilities and Exposures complements the evaluation of the found defect.

An Experimental Study on Detecting and Mitigating Vulnerabilities in Web Applications

An Experimental Study on Detecting and Mitigating Vulnerabilities in Web Applications

An efficient artificial intelligence approach for early detection of cross-site scripting attacks

Cross-Site Scripting (XSS) attacks continue to pose a significant threat to web applications, compromising the security and integrity of user data. XSS is a web application vulnerability where malicious scripts are injected into websites, allowing attackers to execute arbitrary code in the victim’s browser. The consequences of XSS attacks can be severe, ranging from financial losses to compromising sensitive user information. XSS attacks enable attackers to deface websites, distribute malware, or launch phishing campaigns, compromising the trust and reputation of affected organizations. This study proposes an efficient artificial intelligence approach for the early detection of XSS attacks, utilizing machine learning and deep learning approaches, including Long Short-Term Memory (LSTM). Additionally, advanced feature engineering techniques, such as the Term Frequency-Inverse Document Frequency (TFIDF), are applied and compared to evaluate results. We introduce a novel approach named LSTM-TFIDF (LSTF) for feature extraction, which combines temporal and TFIDF features from the cross-site scripting dataset, resulting in a new feature set. Extensive research experiments demonstrate that the random forest method achieved a high performance of 0.99, outperforming state-of-the-art approaches using the proposed features. A k-fold cross-validation mechanism is utilized to validate the performance of applied methods, and hyperparameter tuning further enhances the performance of XSS attack detection. We have applied Explainable Artificial Intelligence (XAI) to understand the interpretability and transparency of the proposed model in detecting XSS attacks. This study makes a valuable contribution to the growing body of knowledge on XSS attacks and provides an efficient model for developers and security practitioners to enhance the security of web applications.