Web Application Vulnerabilities: A Comprehensive Study of Attack Techniques and Countermeasures

Authors

  • Abhishek Jagtap
  • Anurag Yewale
  • Omkar Parve
  • Vikas Magar

Keywords:

Broken Access Control, CSRF, Injection, LFI, OWASP Top-10, SQL Injection, XXE, Session Misconfiguration

Abstract

The importance of secure computer systems becomes clearer as more business processes are automated and more confidential data is stored electronically. It is made more pressing by the fact that applications and systems are distributed and accessed over untrusted networks, including the Internet. The Internet has become a critical component of daily operations for governments, corporations, financial institutions, and millions of individual users. Computer networks support activities whose loss would seriously impair these organisations, so cybersecurity challenges have grown into matters of national security. Safeguarding the Internet remains a difficult problem.

This paper presents a set of well-known web application vulnerabilities, classifies them, and evaluates the safeguards and techniques available for countering them.

Published

30-05-2023

How to Cite

Abhishek Jagtap, Anurag Yewale, Omkar Parve, & Vikas Magar. (2023). Web Application Vulnerabilities: A Comprehensive Study of Attack Techniques and Countermeasures. Vidhyayana - An International Multidisciplinary Peer-Reviewed E-Journal - ISSN 2454-8596, 8(si7), 416–432. Retrieved from http://j.vidhyayanaejournal.org/index.php/journal/article/view/834