Web Security: Emerging Threats and Defense
Author affiliations: Department of Information Technology, College of Computer and Information Sciences, Majmaah University, Majmaah 11952, Saudi Arabia; Department of Computer Engineering, College of Computer and Information Sciences, Majmaah University, Majmaah 11952, Saudi Arabia
Publication: Computer Systems Science & Engineering (English-language journal)
Year, volume, issue: 2022, Vol. 40, No. 3
Pages: 1233-1248
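Subject classification: 08 [Engineering]; 0812 [Engineering - Computer Science and Technology (engineering or science degrees may be conferred)]
Topics: SQL injection attack; cross-site scripting attack; command injection attack; path traversal attack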
Abstract: Web applications have become a widely accepted method to support the internet for the past *** they have been successfully installed in the business activities and there is a requirement of advanced functionalities, the configuration is growing and becoming more *** growing demand and complexity also make these web applications a preferred target for intruders on the *** with the support of security specialists, they remain highly problematic for the complexity of penetration and code reviewing *** requires considering different testing patterns in both codes reviewing and penetration *** a result, the number of hacked websites is increasing day by *** of these vulnerabilities also occur due to incorrect input validation and lack of result validation for lousy programming practices or coding *** scanners for web applications can detect a few vulnerabilities in a dynamic *** are quite easy to use; however, these often miss out on some of the unique critical vulnerabilities in a different and static *** these are time-consuming, they can find complex vulnerabilities and improve developer knowledge in coding and best *** scanners choose both dynamic and static approaches, and the developers can select them based on their requirements and *** research explores and provides details of SQL injection, operating system command injection, path traversal, and cross-site scripting vulnerabilities through dynamic and static *** also examines various security measures in web applications and selected five tools based on their features for scanning PHP, and JAVA code focuses on SQL injection, cross-site scripting, Path Traversal, operating system ***, this research discusses the approach of a cyber-security tester or a security developer finding out vulnerabilities through dynamic and static approaches using manual and automated web vulnerability scanners.