Web Application Security Tools Analysis
TL;DR: This paper demonstrates the architecture of web applications, then lists and evaluates the widespread security vulnerabilities, evaluates tools with respect to those vulnerabilities, and gives recommendations to web applications' users and administrators with the aim of educating them.
Abstract: Strong security in web applications is critical to the success of your online presence. The importance of security has grown massively, especially among web applications. Dealing with web application or website security issues requires deep insight and planning, not only because of the many tools that are available but also because of the industry's immaturity. Thus, finding the proper tools requires deep understanding and several steps, including analyzing the development environment, business needs, and the web applications' complexity. In this paper, we demonstrate the architecture of web applications, then list and evaluate the widespread security vulnerabilities. Those vulnerabilities are: Fingerprinting, Insufficient Transport Layer Protection, Information Leakage, Cross-Site Scripting, SQL Injection, and HTTP Splitting. In addition, this paper analyzes the tools that are used to scan for these widespread vulnerabilities in web applications. Finally, it evaluates the tools with respect to these security vulnerabilities and gives recommendations to the web applications' users and administrators, aiming to educate them.
Citations
Evaluation of Web Vulnerability Scanners Based on OWASP Benchmark
Balume Mburano, Weisheng Si
- 01 Dec 2018
TL;DR: This paper compares the performance of several carefully chosen open source web vulnerability scanners by running them against the OWASP Benchmark, which is developed by the Open Web Application Security Project (OWASP), a well-known non-profit web security organization.
Web application attack detection and forensics: A survey
Mohammed Babiker, Enis Karaarslan, Yasar Hoscan
- 22 Mar 2018
TL;DR: This study aims to investigate the techniques and solutions used to detect attacks, such as firewalls, intrusion detection systems, honeypots and forensic techniques, by focusing on the data mining techniques in forensics.
Cybersecurity Tools for IS Auditing
Osamah M. M. Al-Matari, Iman M. A. Helal, Sherif A. Mazen, Sherif Elhennawy
- 01 Oct 2018
TL;DR: A comparative study of the capabilities of most of the available automated cybersecurity auditing tools for frontend cloud computing, intended to show how to secure the enterprise's assets by using automated tools and techniques.
Security Scanner For Web Applications Case Study: Learning Management System
Rian Andrian, Ahmad Fauzi
TL;DR: This research aims to develop a web application security scanner that can help overcome security problems in web applications.