WEB Applications Vulnerability Analysis and prevention

Tarig Ali Elshheibia; Mohsen Ibrahim Mohamed; Abdullah Mohammed Almahdi

doi:10.58916/jhas.v9i1.219

Authors

Tarig Ali Elshheibia Department of Computer Science, Faculty of Information Technology, University of Benghazi, Libya Author
Mohsen Ibrahim Mohamed Department of Computer Technologies, Higher Institute of Engineering Technologies, Bani Walid, Libya Author
Abdullah Mohammed Almahdi Department of Computer Technologies, Higher Institute of Engineering Technologies, Bani Walid, Libya Author

DOI:

https://doi.org/10.58916/jhas.v9i1.219

Keywords:

vulnerabilities, prevention ,web applications, web scanners (search tools)

Abstract

Web based application is a software package, which is accessed through the internet connection via HTTP protocol. Therefore, web application operates by requesting and retrieving information from database server and presents this information through the browser. [1] Despite the advantages of web application, a recent study presents that 75% of the cyber-attacks accrue in web applications level. In this paper, the professional steps of web application analysis will be shown to achieve high level of security (secure enough). The three steps are finding, exploiting and fixing the vulnerabilities. W-agora and Wordpress applications were chosen to do this analysis, both of them are an open-source application, and a sort of forum acts as a communication channel between users. The main asset of these two applications needs to be protected are user’s data (database), user’s password (user’s identity), and root’s password. This paper aims to follow the three steps of web application analysis by scanning the applications, exploiting the vulnerabilities and preventing the attacks. Acunetix Web Vulnerability Scanner (AWVS) and Netsparker scanner was used to scan the applications in order to find vulnerabilities. This scanning was conducted on Windows operation system. After performing the scanners, several vulnerabilities in both web applications were detected. Furthermore, the scanners provided simple attack as an example of how each vulnerability can be exploited.

Downloads

Download data is not yet available.

References

Ajjarapu Kusuma Priyanka و Siddemsetty Sai Smruthi، "Web Application Vulnerabilities: Exploitation and Prevention،" 2020 International Conference on Electrotechnical Complexes and Systems (ICOECS)، Ufa, Russia، 2020.

N. Jovanovic, C. Kruegel, and E. Kirda، "A static analysis tool for detecting web application vulnerabilities،" IEEE Symposium on Security and Privacy، May 2006..

Ankit Shrivastava، Santosh Choudhary و Ashish Kumar، "XSS vulnerability assessment and prevention in web application،" 2016 nd International Conference on Next Generation Computing Technologies (NGCT)، Dehradun, India، 2016.

S. Akshay Kumar و Y. Usha Rani، "Implementation and analysis of Web application security measures using OWASP Guidelines،" 2022 International Conference on Recent Trends in Microelectronics, Automation, Computing and Communications Systems (ICMACC)، Hyderabad, India، 28-30 December 2022.