tutorial

Security vulnerabilities and mitigation techniques of web applications

Author:

Hossain ShahriarAuthors Info & Claims

SIN '13: Proceedings of the 6th International Conference on Security of Information and Networks

Page 459

https://doi.org/10.1145/2523514.2523589

Published: 26 November 2013 Publication History

Get Access

Abstract

Web applications contain vulnerabilities, which may lead to serious security breaches such as stealing of confidential information. To protect against security breaches, it is necessary to understand the detailed steps of attacks and the pros and cons of existing defense mechanisms. This tutorial provides an overview of four web application security vulnerabilities: SQL injection, Cross-Site Scripting, Cross-Site Request Forgery, and clickjacking. Then it discusses two popular mitigation approaches: security testing and monitoring. The tutorial is intended to enable practitioners for choosing the right technique to defend against web application security vulnerabilities.

References

[1]

J. Grossman, How does your website security stack up against peers? White Hat Report, Summer 2012, Accessed from https://www.whitehatsec.com/assets/WPstats_summer12_12th.pdf

Google Scholar

[2]

Application Vulnerability Trend Report, CEZNIC White paper, 2013, Accessed from http://info.cenzic.com/rs/cenzic/images/Cenzic-Application-Vulnerability-Trends-Report-2013.pdf

Google Scholar

[3]

SQL Injection, https://www.owasp.org/index.php/SQL_Injection

Google Scholar

[4]

XSS, https://www.owasp.org/index.php/Cross-site_Scripting_(XSS)

Google Scholar

[5]

Cross-Site Request forgery, https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF).

Google Scholar

[6]

Clickjacking, https://www.owasp.org/index.php/Clickjacking

Google Scholar

[7]

H. Shahriar, S. North, and W. Chen, "Early Detection of SQL Injection Attacks," International Journal of Network Security & Its Applications (IJNSA), Vol. 5, No. 4, July 2013, pp. 53--65.

Crossref

Google Scholar

[8]

H. Shahriar, V. Devendran, and H. Haddad, "ProClick: A Framework for Testing Clickjacking Attacks in Web Applications," Proc. of 6^th ACM/SIGSAC International Conference on Security of Information and Networks (SIN 2013), Aksaray, Turkey, November 2013, 8 pp. (to appear).

Digital Library

Google Scholar

[9]

H. Shahriar and M. Zulkernine, "S²XS²: A Server Side Approach to Automatically Detect XSS Attacks," Proc. of the 9^th IEEE International Conference on Dependable, Autonomic and Secure Computing (DASC), Sydney, Australia, December 2011, pp. 7--14.

Digital Library

Google Scholar

[10]

H. Shahriar and M. Zulkernine, "Client-Side Detection of Cross-Site Request Forgery Attacks," Proc. of the 21^st IEEE International Symposium on Software Reliability Engineering (ISSRE), San Jose, USA, November 2010, pp. 358--367.

Digital Library

Google Scholar

[11]

H. Shahriar and M. Zulkernine, "Mitigation of Program Security Vulnerabilities: Approaches and Challenges," ACM Computing Surveys, Vol. 44, No. 3, Article 11, pp. 1--46, May 2012.

Digital Library

Google Scholar

Cited By

View all

Varma KSharma SKulkarni YSamdurle S(2023)ReconMaster: A CLI Based Web Reconnaissance Tool2023 IEEE International Conference on ICT in Business Industry & Government (ICTBIG)10.1109/ICTBIG59752.2023.10455983(1-5)Online publication date: 8-Dec-2023
https://doi.org/10.1109/ICTBIG59752.2023.10455983

Index Terms

Security vulnerabilities and mitigation techniques of web applications

Recommendations

Securing web applications from injection and logic vulnerabilities

Context: Web applications are trusted by billions of users for performing day-to-day activities. Accessibility, availability and omnipresence of web applications have made them a prime target for attackers. A simple implementation flaw in the ...
Guidelines for Discovering and Improving Application Security
CSCS '13: Proceedings of the 2013 19th International Conference on Control Systems and Computer Science

This paper analyzes current threats in computer security for web-based applications with a SQL database. We conduct a penetration test in a real-case scenario of multiple attacks against the network, the web application and the SQL database. The test ...
A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing
Testing Software and Systems
Abstract
Web applications typically employ sanitization functions to sanitize user inputs, independently whether this input is assumed to be legitimate, invalid or malicious. When such functions do not work correctly, a web application immediately becomes ...

Comments

Information & Contributors

Information

Published In

SIN '13: Proceedings of the 6th International Conference on Security of Information and Networks

November 2013

483 pages

ISBN:9781450324984

DOI:10.1145/2523514

General Chairs:
Atilla Elçi
Aksaray University, Turkey
,
Manoj Singh Gaur
Malaviya National Institute of Technology, India
,
Mehmet A. Orgun
Macquarie University, Australia
,
Oleg B. Makarevich
Southern Federal University, Russia

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

In-Cooperation

SIGSAC: ACM Special Interest Group on Security, Audit, and Control

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 26 November 2013

Check for updates

Author Tags

Qualifiers

Tutorial

Conference

SIN '13

Sponsor:

MNIT
Aksaray Univ.
SFedU

SIN '13: The 6th International Conference on Security of Information and Networks

November 26 - 28, 2013

Aksaray, Turkey

Acceptance Rates

Overall Acceptance Rate 102 of 289 submissions, 35%

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
776
Total Downloads

Downloads (Last 12 months)23
Downloads (Last 6 weeks)1

Reflects downloads up to 11 Aug 2024

Other Metrics

View Author Metrics

Citations

Cited By

View all

Varma KSharma SKulkarni YSamdurle S(2023)ReconMaster: A CLI Based Web Reconnaissance Tool2023 IEEE International Conference on ICT in Business Industry & Government (ICTBIG)10.1109/ICTBIG59752.2023.10455983(1-5)Online publication date: 8-Dec-2023
https://doi.org/10.1109/ICTBIG59752.2023.10455983

View Options

Get Access

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

Securing web applications from injection and logic vulnerabilities

Guidelines for Discovering and Improving Application Security

A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing

Comments

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Other Metrics

Article Metrics

Other Metrics

Cited By

Login options

Full Access

PDF

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Securing web applications from injection and logic vulnerabilities

Guidelines for Discovering and Improving Application Security

A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing

Comments

Information

Published In

Sponsors

In-Cooperation

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Get Access

Login options

Full Access

View options

PDF

eReader

Figures

Other

Share

Share this Publication link

Share on social media

Affiliations