What are some of the tools that are being used to accurately fingerprint a web server?

there are a number of tools that are being used to accurately fingerprint a web server such as Httprint, Nmap, Netcraft, SHODAN, WhatWeb, BlindElephant, and Wappalyzer.

What is the common type of data that is collected by SHODAN?

SHODAN currently collects data mostly on web servers (HTTP port 80), but there is also some data from FTP (21), SSH (22) Telnet (23), SNMP (161), and SIP (5060) services.

What is the definition of a cross user defacement attack?

cross user defacement enables the attacker to steal information from the user such as login information by making a fake login screen for the website, thus allowing account compromise.

What is the definition of a web server fingerprinting?

Web server/application fingerprinting is the passive collection of configuration attributes from a remote device during the application layer.

What is the way to search for information in a standard banner?

To simply search for information that would be found in a standard banner (such as the software version in use), one can input the query into the search box, and if needed, select the country on the drop-down map to limit results by country.

What is the main reason for the attacks on web applications?

As a result, those threats may compromise web applications’ security by breaching an enormous amount of information, which could lead to severe economic losses or cause damages.

What are the features that are extensible by scripts?

These features are extensible by scripts that provide more advanced service detection, vulnerability detection, and other features (Lyon, 2009) such as:•

Open AccessProceedings Article10.1109/BIGDATASECURITY.2017.47

Web Application Security Tools Analysis

Abdulrahman Alzahrani, +4 more

- 26 May 2017

- pp 237-242

TL;DR: This paper demonstrates the architecture of web applications then lists and evaluates the widespread security vulnerabilities, and evaluates tools due to security vulnerabilities and gives recommendations to the web applications' users and administrators aiming to educate them.

Abstract: Strong security in web applications is critical to the success of your online presence. Security importance has grown massively, especially among web applications. Dealing with web application or website security issues requires deep insight and planning, not only because of the many tools that are available but also because of the industry immaturity. Thus, finding the proper tools requires deep understanding and several steps, including analyzing the development environment, business needs, and the web applications' complexity. In this paper, we demonstrate the architecture of web applications then list and evaluate the widespread security vulnerabilities. Those vulnerabilities are: Insufficient Transport Layer Protection, Information Leakage, Cross-Site Scripting, and SQL Injection. In addition, this paper analyzes the tools that are used to scan for these widespread vulnerabilities in web applications. Finally, it evaluates tools due to security vulnerabilities and gives recommendations to the web applications' users and administrators aiming to educate them.

AI Agents for this Paper

Find similar papers on Google Scholar, PubMed and Arxiv
Write a critical review of this paper
Analyze citations of this paper to find unaddressed research gaps

Most frequently asked questions

1. What contributions have the authors mentioned in the paper "Web application security tools analysis" ?

In this paper, the authors demonstrate the architecture of web applications then list and evaluate the widespread security vulnerabilities.. In addition, this paper analyzes the tools that are used to scan for these widespread vulnerabilities in web applications.. Finally, it evaluates tools due to security vulnerabilities and gives recommendations to the web applications ’ users and administrators aiming to educate them.

2. What are the common web application security vulnerabilities?

According to The web Application Security Consortium (Huang & Lee, 2005), the most widespread vulnerabilities are Cross-Site Scripting, Information Leakage, SQL Injection, Insufficient Transport Layer Protection, Fingerprinting, and HTTP Response Splitting.

3. Why are tools developed to prevent attacks in the sever-side?

Because attackers from client-side inject malicious codes in this type of vulnerabilities, tools are developed to prevent attacks in the sever-side.

4. What are the causes of Cross-Site Scripting, SQL Injection, and HTTP Response?

As a rule, the causes of Cross-Site Scripting, SQL Injection, and HTTP Response Splitting vulnerabilities are design errors, while Information Leakage, Insufficient Transport Layer Protection, and Fingerprinting are often caused by insufficient administration.

Table 4. Cross-Site scripting vulnerability tools

Table 2. Fingerprinting and Information Leakage vulnerabilities’ tools

Citations

Proceedings Article•10.1109/ISDFS.2018.8355378

Web application attack detection and forensics: A survey

Mohammed Babiker, +2 more

- 22 Mar 2018

TL;DR: This study aims to investigate the techniques and solutions used to detect attacks, such as firewalls, intrusion detection systems, honeypots and forensic techniques, by focusing on the data mining techniques in forensics.

...read moreread less

Proceedings Article•10.1109/ES.2018.00040

Cybersecurity Tools for IS Auditing

Osamah M. M. Al-Matari, +3 more

- 01 Oct 2018

TL;DR: A comparative study of the capabilities of most of the available automated cybersecurity auditing tools for frontend cloud computing to lead to knowing how to secure the enterprise's assets by using automated tools and techniques.

...read moreread less

Journal Article•10.1002/stvr.1826

Summary of Combinatorial Methods for Dynamic Gray-Box SQL Injection Testing

Bernhard Garn, +3 more

- 04 Jul 2022

- Software Testing, Verification & Reliabi...

TL;DR:

...read moreread less

Proceedings Article•10.1109/HNICEM.2018.8666441

Motion-Activated Facial Recognition-Based Electronic Residential Logbook using PCA Algorithm with Web Application

Rafael G. Maramba, +4 more

- 01 Nov 2018

TL;DR: The researchers were able to meet all of their objectives and provided the expected output with a 13% error rate for the facial recognition system with only 5 training faces conducted for each resident.

...read moreread less

Book Chapter•10.1007/978-981-16-2594-7_34

Analyzing Security Testing Tools for Web Applications

Amel F. Aljebry, +2 more

- 01 Jan 2022

...

Expand

References

Journal Article•10.1016/J.JNCA.2010.07.006

Review: A survey on security issues in service delivery models of cloud computing

S. Subashini, +1 more

- 01 Jan 2011

- Journal of Network and Computer Applicat...

TL;DR: A survey of the different security risks that pose a threat to the cloud is presented and a new model targeting at improving features of an existing model must not risk or threaten other important features of the current model.

...read moreread less

2.8K

Proceedings Article•10.1145/1653662.1653687

Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds

Thomas Ristenpart, +3 more

- 09 Nov 2009

TL;DR: It is shown that it is possible to map the internal cloud infrastructure, identify where a particular target VM is likely to reside, and then instantiate new VMs until one is placed co-resident with the target, and how such placement can then be used to mount cross-VM side-channel attacks to extract information from a target VM on the same machine.

...read moreread less

2.4K

•Book

Network Security Essentials : Applications and Standards

William Stallings

- 01 Jul 2007

TL;DR: This book is intended as a one-semester undergraduate course on network security for computer science, computer engineering, and electrical engineering majors, and serves as a basic reference volume and is suitable for self-study.

...read moreread less

956

•Book Chapter•10.1007/978-3-642-16120-9_9

Cloud Computing: Benefits, Risks and Recommendations for Information Security

Daniele Catteddu

- 10 Dec 2009

TL;DR: The presentation “Cloud Computing: Benefits, risks and recommendations for information security” will cover some the most relevant information security implications of cloud computing from the technical, policy and legal perspective.

...read moreread less

942

•Proceedings Article•10.1109/SP.2010.27

State of the Art: Automated Black-Box Web Application Vulnerability Testing

Jason Bau, +3 more

- 16 May 2010

TL;DR: In this article, the state-of-the-art of black-box web application vulnerability scanners is evaluated using a custom web application vulnerable to known and projected vulnerabilities, and previous versions of widely used web applications containing known vulnerabilities.

...read moreread less

322

...

Expand

Web Application Security Tools Analysis

Chat with Paper

AI Agents for this Paper

Most frequently asked questions

1. What contributions have the authors mentioned in the paper "Web application security tools analysis" ?

2. What are the common web application security vulnerabilities?

3. Why are tools developed to prevent attacks in the sever-side?

4. What are the causes of Cross-Site Scripting, SQL Injection, and HTTP Response?

5. What are some of the tools that are being used to accurately fingerprint a web server?

6. What is the common type of data that is collected by SHODAN?

7. What is the definition of a cross user defacement attack?

8. What is the definition of a web server fingerprinting?

9. What is the way to search for information in a standard banner?

10. What is the main reason for the attacks on web applications?

11. What are the features that are extensible by scripts?

Figures

Citations

Web application attack detection and forensics: A survey

Cybersecurity Tools for IS Auditing

Summary of Combinatorial Methods for Dynamic Gray-Box SQL Injection Testing

Motion-Activated Facial Recognition-Based Electronic Residential Logbook using PCA Algorithm with Web Application

Analyzing Security Testing Tools for Web Applications

References

Review: A survey on security issues in service delivery models of cloud computing

Hey, you, get off of my cloud: exploring information leakage in third-party compute clouds

Network Security Essentials : Applications and Standards

Cloud Computing: Benefits, Risks and Recommendations for Information Security

State of the Art: Automated Black-Box Web Application Vulnerability Testing

Related Papers (5)

Web Application Security Tools Analysis

Security Scanner For Web Applications Case Study: Learning Management System

Integrating web application security into the IT curriculum

Abstracting application-level web security

Web application security: Improving critical web-based applications quality through in-depth security analysis