Detection of the Security Vulnerabilities in Web Applications
نویسنده
چکیده
The contemporary organizations develop business processes in a very complex environment. The IT&C technologies are used by organizations to improve their competitive advantages. But, the IT&C technologies are not perfect. They are developed in an iterative process and their quality is the result of the lifecycle activities. The audit and evaluation processes are required by the increased complexity of the business processes supported by IT&C technologies. In order to organize and develop a high-quality audit process, the evaluation team must analyze the risks, threats and vulnerabilities of the information system. The paper highlights the security vulnerabilities in web applications and the processes of their detection. The web applications are used as IT&C tools to support the distributed information processes. They are a major component of the distributed information systems. The audit and evaluation processes are carried out in accordance with the international standards developed for information system security assurance.
منابع مشابه
Automatic Detection of Vulnerabilities in Web Applications using Fuzzing
Automatic detection of vulnerabilities is a problem studied in literature and a very important concern in application development with security requirements. Fuzzing is a software testing technique, automated or semi-automated, that involves injecting a massive quantity of semi-random inputs in software in order to find security vulnerabilities. Many vulnerability detection techniques need manu...
متن کاملDetection and Mitigation of Web Application Vulnerabilities Based on Security Testing
The paper proposes a security testing technique to detect known vulnerabilities of web applications using both static and dynamic analysis. We also present a process to improve the security of web applications by mitigating many of the vulnerabilities revealed in the testing phase, and address a new method for detecting unknown vulnerabilities by applying dynamic black-box testing based on a fu...
متن کاملPerformance Evaluation of Web Application Security Scanners for Prevention and Protection against Vulnerabilities
With the increasing development of the Internet, web applications have become increasingly vulnerable and exposed to malicious attacks which affect essential properties such as confidentiality, integrity or availability of information systems. To deal with these malicious threats, web application developers and IT security administrators have used the web application vulnerabilities scanners (W...
متن کاملStatic Detection of Second-Order Vulnerabilities in Web Applications
Web applications evolved in the last decades from simple scripts to multi-functional applications. Such complex web applications are prone to different types of security vulnerabilities that lead to data leakage or a compromise of the underlying web server. So called secondorder vulnerabilities occur when an attack payload is first stored by the application on the web server and then later on u...
متن کاملStatic Enforcement of Web Application Integrity Through Strong Typing
Security vulnerabilities continue to plague web applications, allowing attackers to access sensitive data and co-opt legitimate web sites as a hosting ground for malware. Accordingly, researchers have focused on various approaches to detecting and preventing common classes of security vulnerabilities in web applications, including anomaly-based detection mechanisms, static and dynamic analyses ...
متن کاملProgram Analyses of Web Applications for Detecting Application-Specific Vulnerabilities
Web applications are prevalent in the modern era, regulating access to sensitive information, functionality and resources. Due to the difficulty in designing and implementing proper security checks for untrusted user inputs and actions, web applications often fall victim to various online attacks. In particular, application-specific vulnerabilities are easy to exploit and often have severe cons...
متن کامل