Author: Pranav Gadekar
Date of Publication: 12th August 2021
Abstract: In recent times, the use of the web and web-based technologies has become more popular. Web applications are the most common interface to security-sensitive information and functionality. Because web applications are sources of sensitive data, they are prone to a vast number of web-based attacks. The majority of these attacks happen because of vulnerabilities resulting from input validation problems. Although these vulnerabilities are easy to understand and mitigate, many web developers are unaware of these security aspects, which results in more vulnerable web applications on the Internet. Among these, the most prominent vulnerabilities are SQL Injection and Cross-Site Scripting (XSS). We implemented a system that scans the web application for the most frequent vulnerabilities in an automated manner. Our system detects flaws in web applications and presents a comprehensive report.