In any software development life cycle the penetration testing phase plays an important role. Penetration testing is an approach that tests the security of a web application by making a conscious attempt to compromise it. It helps in preparing for possible malicious attacks and in avoiding a potential breach of data at the hands of an attacker. Securing the framework does not guarantee application security, as web applications are prone to vulnerabilities that cannot be fully examined. Vulnerabilities will always exist, no matter how secure the web applications are. Hackers constantly probe networks, Wi-Fi, mobile devices, people/clients and web applications for security weaknesses. On finding a vulnerability, a hacker exploits it by performing illegal actions instead of reporting it.
The web has changed and so has the threat landscape. Web Application Security focuses on securing the web applications, web services and websites. Some common web exploits include Cross Site Scripting (XSS), SQL Injection, Cross Site Request Forgery (CSRF).
Web Exploits
- SQL Injection – in this type of attack, the attacker inserts malicious SQL code into a genuine command or query issued by the application and tricks the SQL server into parsing and executing it. The attack succeeds because the web application does not validate or sanitize the parameters that are dynamically supplied by the user. A SQL injection attack can take place in two stages, reconnaissance and attack. In the reconnaissance phase the attacker applies a ‘hit and trial’ method, inserting unexpected random values and observing the behavior of the application. In the attack phase the attacker, having studied the behavior of the application, inserts carefully crafted input that will be interpreted as part of the SQL query.
- Cross Site Scripting (XSS) – the attacker uses this attack to steal important or confidential information from the user. The attacker does this by running scripts in the user’s browser. The browser interprets the scripts as legitimate code and executes them. XSS can be categorized into three categories, namely Reflected XSS, Stored/Persistent XSS and DOM Based XSS. There is also a fourth, less common category called Universal XSS.
- Cross Site Request Forgery (CSRF) – CSRF attacks are potentially dangerous because the attacker assumes the identity of the user and attains the privileges of the victim as part of the forged request. These attacks have been called the ‘sleeping giant’ of web-based vulnerabilities because many sites on the Internet fail to protect against them and because they have been largely ignored by the web development and security communities.
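The SQL injection item above describes two things: the defect (user input spliced into the query text) and the reconnaissance signal (the application behaving differently on malformed input). The following added example, written for this page and not taken from any cited work, shows both side by side on a constructed in-memory SQLite table: a lookup that concatenates the value into the SQL string, and the same lookup using parameter binding, which is the standard defence.

```python
import sqlite3

# Constructed sample table for the demonstration only (not a real system).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)",
                     [(1, "alice", "admin"), (2, "bob", "user"), (3, "carol", "user")])
    return conn

def lookup_vulnerable(conn, name):
    # The user-supplied value becomes part of the SQL text, so the database
    # parses it as SQL. This is the unsanitised dynamic parameter the essay describes.
    sql = "SELECT id, name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn, name):
    # Parameter binding keeps the value outside the SQL grammar: whatever the
    # client sends is compared as a literal string and is never parsed as SQL.
    sql = "SELECT id, name, role FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def probe(func, conn, value):
    """Return ("ok", rows) or ("error", message).

    The error/no-error difference is exactly the behaviour an attacker studies
    in the reconnaissance phase; with binding, a stray quote is just data."""
    try:
        return ("ok", func(conn, value))
    except sqlite3.Error as exc:
        return ("error", str(exc))

if __name__ == "__main__":
    conn = make_db()
    # A normal name, a name with a stray quote (reconnaissance), and a
    # tautology that rewrites the WHERE clause in the vulnerable version.
    for value in ["bob", "bob'", "x' OR '1'='1"]:
        print(repr(value), "vulnerable:", probe(lookup_vulnerable, conn, value))
        print(repr(value), "safe:      ", probe(lookup_safe, conn, value))
```

The vulnerable lookup errors on the stray quote and returns every row for the tautology; the bound lookup returns the matching row for "bob" and an empty result for both other inputs.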
Web Application Security Across Sectors
There is an unimaginable amount of insecure data circulating on the Internet. The latest innovations in technology have led to IoT, artificial intelligence and machine learning. Web 2.0 applications such as video sharing websites and social networking have further escalated security concerns. Not only the information technology domain but also financial institutions, healthcare divisions, energy and manufacturing, telecom operators, government agencies, ecommerce retailers and others that run mission-critical business applications online are vulnerable to web application attacks. Hackers do not target any specific sector.
Conclusion
A number of exploits exist that pose a threat to the security of web applications. We have to secure the application not only from the traditional attacks but also from the new attacks that have emerged with the evolution of technology. The reality is that even in a fairly robust security environment an attacker may be able to find vulnerabilities, and hence a holistic security strategy is required. Web application attacks have gone up by 10% year-on-year. The basic steps in protecting web applications include using up-to-date encryption, requiring proper authentication, continuously patching discovered vulnerabilities, and having good software development hygiene. The best method to prevent such attacks is to incorporate security into all phases of the software development life cycle of a web application.
Summary of Web Application Vulnerabilities. (2022, October 28). Edubirdie. Retrieved November 21, 2024, from https://edubirdie.com/examples/summary-of-web-application-vulnerabilities/