Author: Dr. Harmeet Kaur Khanuja
Date of Publication: 12th August 2021
Abstract: Web and web-based technologies have gained wide adoption in recent years. An attacker can often extract security-sensitive information from a web application, or reach its sensitive functionality, with little effort. Because web applications are the most common source of sensitive data, they are exposed to a large number of web-based attacks, and incorrect input validation is one of the primary causes of the vulnerabilities that make those attacks possible. Although these vulnerabilities are simple in nature and usually easy to mitigate, many developers are unaware of their security implications, which leaves a growing number of vulnerable web applications on the Internet. A vulnerability that remains in a deployed application can have severe consequences for the confidentiality of user data. We implemented a system that crawls an entire web application to collect all referenced URLs and then scans those URLs for the most frequent vulnerability classes, SQL Injection and Cross-Site Scripting. The system presents a comprehensive report covering the SQL Injection subtypes Error-based, Union-based and Boolean-based, together with Cross-Site Scripting; each report lists the URLs found to be vulnerable to the corresponding attack.
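The crawl-then-scan pipeline the abstract outlines, as an added example that is not the paper's implementation. The "web application" is a constructed in-memory SQLite mock (assumed: a /product page that concatenates its id parameter into SQL, a /search page that echoes its q parameter unescaped, and a /safe page that binds its parameter), so the script runs offline; a real engine would replace mock_fetch with an HTTP client. The probe payloads, the union marker and the error-message regex are this example's own choices, not the paper's.

```python
"""Crawl-then-scan demo: SQLi (error/boolean/union) and reflected XSS checks
run against a constructed in-memory mock target. Added example; not the paper's code."""
import re
import sqlite3
from html import escape
from urllib.parse import parse_qs, urlencode, urljoin, urlparse, urlunparse

# --- Constructed mock target (assumption: stands in for a real site; the
# scanner only ever sees fetch(url) -> (status, body)) -----------------------
_conn = sqlite3.connect(":memory:")
_conn.execute("CREATE TABLE products(id INTEGER, name TEXT)")
_conn.executemany("INSERT INTO products VALUES (?, ?)", [(1, "pen"), (2, "ink")])

def _listing(rows):
    return "<ul>" + "".join(f"<li>{escape(r[0])}</li>" for r in rows) + "</ul>"

def mock_fetch(url):
    """Pretend HTTP client. /product concatenates id into SQL (injectable),
    /search echoes q unescaped (reflected XSS), /safe binds the parameter."""
    u = urlparse(url)
    p = {k: v[0] for k, v in parse_qs(u.query, keep_blank_values=True).items()}
    try:
        if u.path == "/":
            return 200, ('<a href="/product?id=1">pen</a> <a href="/search?q=pen">find</a> '
                         '<a href="/safe?id=1">safe</a> <a href="http://other.example/">out</a>')
        if u.path == "/product":
            return 200, _listing(_conn.execute(
                "SELECT name FROM products WHERE id = " + p.get("id", "")).fetchall())
        if u.path == "/search":
            return 200, f"<p>Results for {p.get('q', '')}</p>"
        if u.path == "/safe":
            return 200, _listing(_conn.execute(
                "SELECT name FROM products WHERE id = ?", (p.get("id", ""),)).fetchall())
        return 404, "not found"
    except sqlite3.Error as e:                       # the DB error leaks into the page
        return 500, f"<pre>Database error: {escape(str(e))}</pre>"

# --- Crawler ------------------------------------------------------------------
HREF_RE = re.compile(r'href="([^"]+)"')

def crawl(fetch, start):
    """Breadth-first crawl limited to the start host; returns the URLs that
    carry query parameters, i.e. the injection points worth scanning."""
    host = urlparse(start).netloc
    seen, queue, targets = {start}, [start], []
    while queue:
        url = queue.pop(0)
        status, body = fetch(url)
        if status != 200:
            continue
        if urlparse(url).query:
            targets.append(url)
        for href in HREF_RE.findall(body):
            link = urljoin(url, href)
            if urlparse(link).netloc == host and link not in seen:
                seen.add(link)
                queue.append(link)
    return targets

# --- Scanner ------------------------------------------------------------------
SQL_ERROR_RE = re.compile(r"database error|sql syntax|unrecognized token|syntax error", re.I)
UNION_MARKER = "zq9UNIONzq9"      # appears only if the database evaluated the payload
XSS_PROBE = "<zq9xss>"            # harmless tag; reflected unescaped means XSS

def with_param(url, name, value):
    """Return url with query parameter `name` replaced by `value`."""
    u = urlparse(url)
    p = {k: v[0] for k, v in parse_qs(u.query, keep_blank_values=True).items()}
    p[name] = value
    return urlunparse(u._replace(query=urlencode(p)))

def scan_url(fetch, url):
    """Probe every query parameter of one URL; returns (url, param, finding) tuples."""
    findings = []
    _, baseline = fetch(url)
    for name, values in parse_qs(urlparse(url).query, keep_blank_values=True).items():
        base = values[0]
        # Error-based: a stray quote breaks the query and the DB error leaks into the response.
        if SQL_ERROR_RE.search(fetch(with_param(url, name, base + "'"))[1]):
            findings.append((url, name, "SQLi: error-based"))
        # Boolean-based: a true condition leaves the page unchanged, a false one alters it.
        true_body = fetch(with_param(url, name, f"{base} AND 1=1"))[1]
        false_body = fetch(with_param(url, name, f"{base} AND 1=2"))[1]
        if true_body == baseline and false_body != baseline:
            findings.append((url, name, "SQLi: boolean-based"))
        # Union-based: the marker is assembled by SQL concatenation, so a page that merely
        # reflects the payload text does not contain it (avoids a reflection false positive).
        union_body = fetch(with_param(url, name, f"{base} UNION SELECT 'zq9'||'UNI'||'ONzq9'"))[1]
        if UNION_MARKER in union_body:
            findings.append((url, name, "SQLi: union-based"))
        # Reflected XSS: the probe tag comes back verbatim rather than entity-encoded.
        if XSS_PROBE in fetch(with_param(url, name, XSS_PROBE))[1]:
            findings.append((url, name, "XSS: reflected"))
    return findings

def scan_site(fetch, start):
    """Crawl, then scan every parameterised URL: the per-subtype report the abstract describes."""
    return [f for url in crawl(fetch, start) for f in scan_url(fetch, url)]

if __name__ == "__main__":
    for url, param, kind in scan_site(mock_fetch, "http://target.example/"):
        print(f"{kind:<20} {param:<4} {url}")
```

Against the mock, /product is reported for all three SQL Injection subtypes, /search only for reflected XSS, and the parameterised /safe page for nothing. The boolean check compares whole response bodies, which is fine for a static mock but needs a similarity threshold on real pages that embed timestamps or tokens.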