检索结果-南通市图书馆

Web Security:Emerging Threats and Defense

Computer Systems Science & Engineering 2022年第3期40卷 1233-1248页

作者： Abdulwahed Awad Almutairi Shailendra Mishra Mohammed AlShehri Department of Information Technology College of Computer and Information SciencesMajmaah UniversityMajmaah11952Saudi Arabia Department of Computer Engineering College of Computer and Information SciencesMajmaah UniversityMajmaah11952Saudi Arabia

Web applications have become a widely accepted method to support the internet for the past decade.Since they have been successfully installed in the business activities and there is a requirement of advanced functionalities,the configuration is growing and becoming more complicated.The growing demand and complexity also make these web applications a preferred target for intruders on the internet.Even with the support of security specialists,they remain highly problematic for the complexity of penetration and code reviewing methods.It requires considering different testing patterns in both codes reviewing and penetration testing.As a result,the number of hacked websites is increasing day by day.Most of these vulnerabilities also occur due to incorrect input validation and lack of result validation for lousy programming practices or coding errors.Vulnerability scanners for web applications can detect a few vulnerabilities in a dynamic approach.These are quite easy to use;however,these often miss out on some of the unique critical vulnerabilities in a different and static approach.Although these are time-consuming,they can find complex vulnerabilities and improve developer knowledge in coding and best practices.Many scanners choose both dynamic and static approaches,and the developers can select them based on their requirements and conditions.This research explores and provides details of SQL injection,operating system command injection,path traversal,and cross-site scripting vulnerabilities through dynamic and static approaches.It also examines various security measures in web applications and selected five tools based on their features for scanning PHP,and JAVA code focuses on SQL injection,cross-site scripting,Path Traversal,operating system command.Moreover,this research discusses the approach of a cyber-security tester or a security developer finding out vulnerabilities through dynamic and static approaches using manual and automated web vulnerability scanners.

关键词： SQL injection attack cross-site scripting attack command injection attack path traversal attack

来源：

维普期刊数据库评论

在线全文

维普期刊数据库

学校读者我要写书评

暂无评论

欢迎您,

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

请选择保存的检索档案：

请选择收藏分类：

通借通还

欢迎您,

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

在线全文

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：