
Friday, 24 February 2017

Ajith KP

Web Application Vulnerabilities: Dawn, Detection, Exploitation and Defence Slide Show

ABSTRACT
Web applications are a popular type of software in which the client runs, in a web browser, an application stored on a server. The key problem is that developers concentrate on productivity and fail to build in security. This introduces vulnerabilities into web applications, which not only let intruders into servers but also expose clients' private details. Research into web application vulnerabilities is therefore very important.
The top vulnerabilities seen in web applications are injection vulnerabilities (Remote Code Execution (RCE), SQL Injection (SQLi)), File Inclusion, Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), Broken Authentication and Session Management, Insecure Direct Object References, Unvalidated Redirects and Forwards, Arbitrary File Upload, etc.
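As an added example (not part of the original post or its slides), the two headline injection classes from the list above are shown below as a vulnerable function beside its hardened form: SQL injection through string-built queries versus bound parameters, and reflected XSS through raw HTML interpolation versus output encoding. The user table, credentials and attack strings are constructed for this example so it runs offline against an in-memory SQLite database.

```python
"""Added example, not from the original post: SQLi and reflected XSS, each as
a vulnerable function next to its hardened form. The user table, credentials
and attack strings below are constructed for this example."""
import html
import sqlite3


def make_db():
    """In-memory SQLite database with one constructed user row."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """SQLi: untrusted input is spliced into the SQL text, so a quote in the
    input changes the query's structure instead of being compared as data."""
    query = ("SELECT COUNT(*) FROM users WHERE username = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchone()[0] > 0


def login_safe(conn, username, password):
    """Hardened: the SQL text is a constant; values travel as bound
    parameters and can never become SQL syntax."""
    query = "SELECT COUNT(*) FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone()[0] > 0


def greet_vulnerable(name):
    """Reflected XSS: user-controlled text is written straight into HTML."""
    return "<p>Hello, %s!</p>" % name


def greet_safe(name):
    """Hardened: output encoding appropriate for an HTML text node."""
    return "<p>Hello, %s!</p>" % html.escape(name, quote=True)


if __name__ == "__main__":
    db = make_db()
    sqli = "' OR '1'='1"   # password field; username is a non-existent user
    print("vulnerable login with injected password:", login_vulnerable(db, "nobody", sqli))  # True
    print("hardened login with the same input:     ", login_safe(db, "nobody", sqli))        # False
    xss = "<script>alert(document.cookie)</script>"
    print(greet_vulnerable(xss))
    print(greet_safe(xss))
```

In the vulnerable login the injected password turns the WHERE clause into `... AND password = '' OR '1'='1'`, which is true for every row, so the count is non-zero and the check passes for a user that does not exist. The same input against the parameterised query is just a string that no password equals. Note that `html.escape` is only correct for HTML text and attribute values; JavaScript or URL contexts need their own encoding.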


INTRODUCTION
Vulnerabilities in a web application may result in the theft of sensitive data and give unauthorized access to hackers/crackers. According to a survey by the web application security firm Acunetix, 60% of the vulnerabilities found affect web applications.
According to the security vendor Cenzic, the top vulnerabilities in March 2012 were:

Percentage   Vulnerability
37%          Cross-site scripting
16%          SQL injection
5%           Path disclosure
5%           Denial-of-service attack
4%           Arbitrary code execution
4%           Memory corruption
4%           Cross-site request forgery
5%           File inclusion
3%           Data breach (information disclosure)
16%          Other, including code injection
According to OWASP, the most effective way of finding security vulnerabilities in web applications is manual code review. This technique is very time-consuming, requires expert skills, and is prone to overlooking errors. The security community therefore actively develops automated approaches to finding security vulnerabilities. These fall into two broad categories: black-box testing, which probes the running application without access to its source, and white-box testing, which analyses the source code itself.
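As an added illustration of the white-box category (this is example code written for this page, not a tool the post names), the script below parses Python source with the standard `ast` module and reports `execute()`/`executescript()` calls whose SQL argument is assembled at runtime, either inline or through a variable that was assigned such a string. The two sample sources at the bottom are constructed for the example; the analysis deliberately skips scoping and data-flow tracking, which a real scanner would need.

```python
"""Added example (not from the original post): a minimal white-box check.
It parses Python source with the standard `ast` module and reports
cursor.execute()/executescript() calls whose SQL argument is built at
runtime (f-string, %-formatting, concatenation, str.format), either inline
or via a variable assigned such a string. No scoping or flow analysis is
done; that is an approximation for this example, not a real tool's behaviour."""
import ast


def _is_dynamic_string(node):
    """True when the expression builds text at runtime from other values."""
    if isinstance(node, ast.JoinedStr):                      # f"... {x}"
        return True
    if isinstance(node, ast.BinOp) and isinstance(node.op, (ast.Mod, ast.Add)):
        # "..." % x  or  "..." + x ; two literals joined are still static
        return not (isinstance(node.left, ast.Constant)
                    and isinstance(node.right, ast.Constant))
    if (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)
            and node.func.attr == "format"):                  # "...{}".format(x)
        return True
    return False


def find_sql_sinks(source, filename="<input>"):
    """Return sorted (line, sql_expression) pairs for suspicious execute calls."""
    tree = ast.parse(source, filename)

    # Pass 1: names bound to dynamically built strings anywhere in the module.
    tainted = set()
    for node in ast.walk(tree):
        if isinstance(node, ast.Assign) and _is_dynamic_string(node.value):
            tainted.update(t.id for t in node.targets if isinstance(t, ast.Name))

    # Pass 2: execute()/executescript() whose first argument is dynamic or tainted.
    findings = []
    for node in ast.walk(tree):
        if not (isinstance(node, ast.Call) and isinstance(node.func, ast.Attribute)):
            continue
        if node.func.attr not in ("execute", "executescript") or not node.args:
            continue
        sql = node.args[0]
        if _is_dynamic_string(sql) or (isinstance(sql, ast.Name) and sql.id in tainted):
            findings.append((node.lineno, ast.unparse(sql)))
    return sorted(findings)


# Constructed sample sources: one vulnerable module, one using bound parameters.
VULNERABLE_SRC = '''
def login(cur, user, pw):
    query = "SELECT * FROM users WHERE name = '%s' AND pw = '%s'" % (user, pw)
    cur.execute(query)
    cur.execute(f"SELECT * FROM audit WHERE actor = '{user}'")
'''

SAFE_SRC = '''
def login(cur, user, pw):
    cur.execute("SELECT * FROM users WHERE name = ? AND pw = ?", (user, pw))
'''

if __name__ == "__main__":
    for label, src in (("vulnerable", VULNERABLE_SRC), ("safe", SAFE_SRC)):
        for line, expr in find_sql_sinks(src) or [("-", "no dynamic SQL found")]:
            print(f"{label}: line {line}: {expr}")
```

Run against the vulnerable sample it reports lines 4 and 5 (the variable-carried query and the inline f-string) and nothing for the parameterised version. The limitations are the ones the paragraph above attributes to automation in general: a pattern check of this kind will miss queries built through helper functions or across modules, and will flag dynamic SQL that is in fact safe, which is why manual review remains the reference method.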


The above image is a screenshot of the website 0day.today, a repository of exploits. If you analyse the verified exploits submitted to this site you will see how many are released daily for newly discovered vulnerabilities: a large number. You will also see that the largest share of exploits target web applications, including popular platforms such as WordPress and Drupal.

So research into web application vulnerabilities and security is as important as the productivity of the applications.

PRESENTATION