Solutions and Vulnerabilities of Security of Web Application
DOI: https://doi.org/10.65540/jar.v19i.364
Keywords: Security, Application, Web, Solutions
Abstract
In this study, the top 10 web application security vulnerabilities published by OWASP, the sources of these vulnerabilities, and the security solutions used to prevent attacks that exploit them were investigated. The precautions that can be taken against such attacks were evaluated and compared in terms of usage areas, platform independence, working logic and efficiency. In line with the information and findings obtained, suggestions were presented on which kind of security solution should be preferred against which types of attacks, together with solutions for increasing awareness and web application security.
License
Copyright (c) 2021 Intisar Milad Mohamed ALSSULL, Ibtisam Abdalsalam Mohamed SIDOUN, Laila Yousef FANNAS

This work is licensed under a Creative Commons Attribution 4.0 International License.
