Web Security:Emerging Threats and Defense

作     者：Abdulwahed Awad Almutairi Shailendra Mishra Mohammed AlShehri 

作者机构：Department of Information TechnologyCollege of Computer and Information SciencesMajmaah UniversityMajmaah11952Saudi Arabia Department of Computer EngineeringCollege of Computer and Information SciencesMajmaah UniversityMajmaah11952Saudi Arabia 

出 版 物：《Computer Systems Science & Engineering》 (计算机系统科学与工程（英文）)

年 卷 期：2022年第40卷第3期

页      面：1233-1248页

核心收录：

学科分类：08[工学] 0812[工学-计算机科学与技术（可授工学、理学学位）] 

基　　金：The author swould like to thank the Deanship of Scientific Research at Majmaah University for supporting this work under Project Number No-R-14xx-4x 

主　　题：SQL injection attack cross-site scripting attack command injection attack path traversal attack 

摘      要：Web applications have become a widely accepted method to support the internet for the past *** they have been successfully installed in the business activities and there is a requirement of advanced functionalities,the configuration is growing and becoming more *** growing demand and complexity also make these web applications a preferred target for intruders on the *** with the support of security specialists,they remain highly problematic for the complexity of penetration and code reviewing *** requires considering different testing patterns in both codes reviewing and penetration *** a result,the number of hacked websites is increasing day by *** of these vulnerabilities also occur due to incorrect input validation and lack of result validation for lousy programming practices or coding *** scanners for web applications can detect a few vulnerabilities in a dynamic *** are quite easy to use;however,these often miss out on some of the unique critical vulnerabilities in a different and static *** these are time-consuming,they can find complex vulnerabilities and improve developer knowledge in coding and best *** scanners choose both dynamic and static approaches,and the developers can select them based on their requirements and *** research explores and provides details of SQL injection,operating system command injection,path traversal,and cross-site scripting vulnerabilities through dynamic and static *** also examines various security measures in web applications and selected five tools based on their features for scanning PHP,and JAVA code focuses on SQL injection,cross-site scripting,Path Traversal,operating system ***,this research discusses the approach of a cyber-security tester or a security developer finding out vulnerabilities through dynamic and static approaches using manual and automated web vulnerability scanners.