Web Application Vulnerabilities: A Comprehensive Study of Attack Techniques and Countermeasures
Keywords: Broken Access Control, CSRF, Injection, LFI, OWASP Top-10, SQL Injection, XXE, Session Misconfiguration
Abstract
The importance of secure computer systems becomes clearer as more of them are used to automate corporate processes and store confidential material. This importance is heightened by the fact that applications and computer systems are distributed and accessed over insecure connections, including the Internet. The Internet has become a crucial component for governments, corporations, financial institutions, and millions of users in their day-to-day lives. Computer networks enable a variety of operations that, if lost, would seriously impair the functioning of these organizations. As a result, cybersecurity challenges have evolved into national security issues. Safeguarding the Internet is a difficult task.
This paper presents certain recognized information-security vulnerabilities, classifies them, and evaluates safeguards and methods for countering them.