CFP last date
20 December 2024
Call for Paper
January Edition
IJCA solicits high quality original research papers for the upcoming January edition of the journal. The last date of research paper submission is 20 December 2024

Submit your paper
Know more
The week's pick
Responsive image
Improved Shuffled Frog Leaping Algorithm with Self-Adaptive Shuffling for Fuzzy Logic PD+G Controller Optimization in Robotic Manipulators

Duc Hoang Nguyen
Random Articles
Reseach Article

Effective Penetration Testing Approach for Modern Web Application Vulnerabilities

by Leelark Sharan Saxena
journal cover thumbnail

International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 181 - Number 22
Year of Publication: 2018
Authors: Leelark Sharan Saxena
10.5120/ijca2018917958

Leelark Sharan Saxena . Effective Penetration Testing Approach for Modern Web Application Vulnerabilities. International Journal of Computer Applications. 181, 22 ( Oct 2018), 44-50. DOI=10.5120/ijca2018917958

@article{ 10.5120/ijca2018917958,
author = { Leelark Sharan Saxena },
title = { Effective Penetration Testing Approach for Modern Web Application Vulnerabilities },
journal = { International Journal of Computer Applications },
issue_date = { Oct 2018 },
volume = { 181 },
number = { 22 },
month = { Oct },
year = { 2018 },
issn = { 0975-8887 },
pages = { 44-50 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume181/number22/30021-2018917958/ },
doi = { 10.5120/ijca2018917958 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:06:45.556697+05:30
%A Leelark Sharan Saxena
%T Effective Penetration Testing Approach for Modern Web Application Vulnerabilities
%J International Journal of Computer Applications
%@ 0975-8887
%V 181
%N 22
%P 44-50
%D 2018
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Now days, every business of any domain that is education, sports, heath, gaming, service etc or any government organization are online i.e. they have a web application. Each and every web application have large amount of confidential data related to their users or important data about their organization and it can be extremely destructive if it goes in the hand of wrong and unauthorized person. This paper focuses on determining whether the developed web application is secured against different and most destructive types of web attacks or not. This paper not only describes about destructive web application attacks but it also elaborates each and every step a pen tester need to follow to detect each type of vulnerability, and how to exploit it to perform unauthorized actions as firstly it is necessary to find whether an application is vulnerable to any attack or not before directly going towards taking all precaution steps towards all type of vulnerability. And moreover penetration testing also gives a clear idea of the specific part or the functionality of the targeted web application which is vulnerable to which particular type of attack.

References
  1. Xiaowei Li and Yuan Xue, A Survey on Web Application Security. Available : http://www.isis.vanderbilt.edu/sites/default/files/main_0.pdf
  2. Gopal R. Chaudhari and Prof. Madhav V. Vaidya, “A Survey on Security and Vulnerabilities of Web Application”, (IJCSIT) International Journal of
  3. Computer Science and Information Technologies, Vol. 5 (2), (2014)
  4. “Nmap: the network mapper” [online]. Available: https://nmap.org/
  5. “metasploit” [online]. Available: https://www.metasploit.com
  6. OWASP Top 10 Web Application Vulnerabilities, https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project
  7. Shrivastava, Ankit, Santosh Choudhary, and Ashish Kumar. “XSS vulnerability assessment and prevention in web application” Next Generation Computing Technologies (NGCT), 2016 2nd International Conference on. IEEE, 2016.
  8. What is SQL Injection and How to Prevent it | Netsparker - (2018, June 5). [Online] Available: https://www.netsparker.com/blog/web-security/sqlinjection-vulnerability/
  9. www.w3schools.com/xpath - Web Element Locator.
  10. XPATH Injection – OWASP (2018, May 19). [Online] Available: https://www.owasp.org/index.php/XPATH_Injection
  11. What is the Remote File Inclusion vulnerability? [Online] Available: https://www.netsparker.com/blog/web-security/remote-file-inclusion-vulnerability/
  12. Afasana Begum and Md. Maruf Hassan,”RFI and SQLi based Local File Inclusion Vulnerabilities in Web Applications”, International Workshop on Computational Intelligence (IWCI), 12-13 Dec 2016.
  13. Nikunj Tande and Kalpesh Patel,"Mitigation of CSRF Attack", International Journal of Science and Research (IJSR), (2012).
  14. “Threat Modelling for CSRF Attacks”, Xiaoli Lin, Pavol Zavarsky, Ron Ruhl and Dale Lindskog, 2009 International Conference on Computational Science and Engineering.
  15. C. Visaggio,”Session Management Vulnerabilities in Todays Web”, in IEEE Security and Privacy,48-56, 2010Tavel, P. 2007 Modeling and Simulation Design. AK Peters Ltd.
  16. Jerry, Louis, Detection of session hijacking, 2011
  17. Vishnoi, Monika and Tech,Laxman and Agarwal, MIT, Session Hijacking And Its Countermeasures, International Journal of Scientific Research Engineering and Technology (IJSRET), (2013)250–252
Index Terms

Computer Science
Information Sciences

Keywords

Attacks penetration testing security threats in web application vulnerability web application web application testing

Powered by PhDFocusTM