ABSTRACT
Web applications are a popular type of software application in which the client runs, in his or her web browser, an application stored on a server. The most important point is that developers concentrate only on their productivity and fail to provide security. This causes vulnerabilities in web applications. These vulnerabilities not only allow intruders to access servers, but also give them access to clients' private details. So research on the subject of web application vulnerabilities is very important.
The top vulnerabilities seen in web applications are injection vulnerabilities (Remote Code Execution (RCE), SQL Injection (SQLi)), File Inclusion, Cross Site Scripting (XSS), Cross Site Request Forgery (CSRF), Broken Authentication and Session Management, Insecure Direct Object Reference, Unvalidated Redirects and Forwards, Arbitrary File Upload, etc.
INTRODUCTION
Vulnerabilities in a web application may result in the theft of sensitive data and give unauthorized access to hackers/crackers. According to a survey by the web application security firm Acunetix, 60% of the vulnerabilities found affect web applications.
According to the security vendor Cenzic, the top vulnerabilities in March 2012 include:
Percentage | Vulnerability
37% | Cross-site scripting
16% | SQL injection
5% | Path disclosure
5% | Denial-of-service attack
4% | Arbitrary code execution
4% | Memory corruption
4% | Cross-site request forgery
5% | File inclusion
3% | Data breach (information disclosure)
16% | Other, including code injection
According to OWASP, the most efficient way of finding security vulnerabilities in web applications is manual code review. This technique is very time-consuming, requires expert skills, and is prone to overlooked errors. Therefore, the security community actively develops automated approaches to finding security vulnerabilities. These approaches can be divided into two broad categories: black-box and white-box testing.
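To make the white-box category concrete, here is an added example (not code from the paper or from any tool it cites) of the simplest possible source-level check for two of the vulnerability classes named in the abstract, SQL injection and cross-site scripting. It assumes the application is written in PHP (an assumption) and flags a request parameter concatenated into a SQL string or echoed without output encoding; the sample source it scans is constructed for the example and contains each weak line next to its hardened form.

```python
"""Minimal white-box (source-level) checker for SQL injection and reflected
XSS patterns in PHP source.

Added example, not code from the page or any tool it cites. It is a
deliberately simple pattern matcher over PHP source lines (the target
language is an assumption) that shows what white-box testing looks for;
a real static analyser tracks data flow across statements and files."""
import re

# Request-derived values ("sources" in taint-analysis terms).
SOURCE = r"\$_(?:GET|POST|REQUEST|COOKIE)\s*\["

# A SQL statement string concatenated with a request value on one line.
SQL_CONCAT = re.compile(
    r"""(?:SELECT|INSERT|UPDATE|DELETE)\b[^;]*?["']\s*\.\s*""" + SOURCE,
    re.IGNORECASE,
)

# A request value echoed into the response...
ECHO_SOURCE = re.compile(r"\becho\b[^;]*?" + SOURCE)
# ...without the standard output-encoding function on the same statement.
XSS_SANITISER = re.compile(r"htmlspecialchars\s*\(")


def scan(source: str) -> list[tuple[int, str]]:
    """Return (line_number, finding) pairs for each suspicious source line."""
    findings = []
    for lineno, line in enumerate(source.splitlines(), start=1):
        if SQL_CONCAT.search(line):
            findings.append((lineno, "SQLi: request value concatenated into SQL"))
        if ECHO_SOURCE.search(line) and not XSS_SANITISER.search(line):
            findings.append((lineno, "XSS: request value echoed without encoding"))
    return findings


# Constructed sample: each weak line is followed by its hardened form
# (a prepared statement with a bound parameter; an encoded echo).
SAMPLE_PHP = """<?php
$q = "SELECT * FROM users WHERE name = '" . $_GET['name'] . "'";
$stmt = $pdo->prepare("SELECT * FROM users WHERE name = ?");
$stmt->execute([$_GET['name']]);
echo "Hello " . $_GET['name'];
echo "Hello " . htmlspecialchars($_GET['name'], ENT_QUOTES, 'UTF-8');
"""

if __name__ == "__main__":
    # Reports line 2 (SQLi) and line 5 (XSS); lines 3, 4 and 6 are clean.
    for lineno, finding in scan(SAMPLE_PHP):
        print(f"line {lineno}: {finding}")
```

Run as `python check.py`: only the two concatenation lines are reported, while the prepared statement and the encoded echo pass. The point of the example is the contrast with black-box testing: the check never sends a request to a running application, it reasons purely from the source, which is why it can find a pattern that an HTTP-level scanner might never trigger, and also why it misses anything that crosses the single-line window it inspects.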
The above image is a screenshot of the website 0day.today, a repository of exploits. If you analyze the verified vulnerability exploits submitted to this website, you can see how many exploits are released daily for newly detected vulnerabilities; it is a large number. You will also see that the largest share of exploits target web applications, including popular frameworks like WordPress, Drupal, etc.
So research on web application vulnerabilities and security is as important as the productivity of applications.
PRESENTATION