Professional Documents
Culture Documents
ABSTRACT
Article Info Web application security has become real concern due to increase in attacks
Volume 6, Issue 5 and data breaches. As Application becomes critical, complex and connected,
Page Number: 223-228 the difficulty of achieving application security increases exponentially. Also
Publication Issue : there are tools and techniques to detect such attacks, threat and vulnerabilities
September-October-2020 that exist in application which developer prevent and mitigate the risk
associated to it. This paper evaluates various web application attack detection
mechanisms and how resistant they are against various attacking techniques.
Such an evaluation is important for not only measuring the available attack
defense against web application attacks but also identifying gaps to build
effective solutions for different defense techniques on web application and use
it for study. Based on the research, the limitations of these application attack
detection techniques are identified and remedies proposed for improving the
Article History current state attack detection on web applications.
Accepted : 05 Sep 2020 Keywords : Input Validation; Open Web Application Security (OWASP);
Published : 15 Oct 2020 Vulnerability Assessment
Copyright: © the author(s), publisher and licensee Technoscience Academy. This is an open-access article distributed
under the terms of the Creative Commons Attribution Non-Commercial License, which permits unrestricted non-
commercial use, distribution, and reproduction in any medium, provided the original work is properly cited
223
Danish Mairaj Inamdar et al Int J Sci Res CSE & IT, September-October-2020; 6 (5) : 223-228
Example of tokens:
Type token (id, number, real, ..)
Punctuation tokens (IF, void, return, )
Alphabetic tokens (keywords)
increase in response times within the application tier, in Testing and Analysis of Web Services”, L.
but performance is constantly improving. Baresi and E. Dinitto, Eds. Springer, 2007.
[6]. J. Sohn, Ryoo, J., “Securing web applications
V. CONCLUSION with better patches: An architectural approach
for systematic input validation with security
Run-time application self protection stands above any patterns,” in: 2015 10th International
traditional Web Application Firewall, by protecting Conference on Availability, Reliability and
web applications out of the box with minimal (if any) Security. pp. 486–492 (Aug 2015)
configuration needed. This feature could [7]. Marcelo Invert Palma Salas, "Security Testing
substantially reduce risk by enabling application Methodology for Evaluation of Web Services
protection immediately upon deployment. It’s Robustness - Case: XML Injection”, Paulo Lício
capability to instrument at the Application de Geus, Eliane Martins Institute of Computing,
Programming Interface layer allows it to detect UNICAMP, Campinas, Brazil, 2015
attacks precisely. It reports fewer false positives [8]. Z. Mao, N. Li, and I. Molloy, “Defeating cross-
because of it’s ability to perform context-sensitive site request forgery attacks with browser-
matching. Also there is need to deal with challenges enforced authenticity protection,” in FC’09: 13
to build ideal Run-time application self Protection th International Conference on Financial
Solution and adapt other security techniques in Cryptography and Data Security, 2009, pp.
combination with it. 238–255
[9]. Zhou L, J. Ping, H. Xiao, Z. Wang, GeguangPu,
and Z. Ding, “Automatically Testing Web
VI. REFERENCES Services Choreography with Assertions, In
Proceedings of the 12th international
[1]. F. Holik, S. Neradova, “Vulnerabilities of Conference on Formal Engineering Methods
Modern Web Applications, MIPRO 2017”, May and Software Engineering. ICFEM’10”.
22- 26, 2017, Opatija, Croatia Springer-Verlag, Berlin, Heidelberg, 2010.
[2]. Ashikali M Hasan, “Perusal of Web Application [10]. H. Hakim, Sellami, A., Abdallah, H.B.,
Security Approach”, 2017 International “Evaluating security in web application design
Conference on Intelligent Communication and using functional and structural size
Computational Techniques (ICCT) Manipal measurements,” in: 2016 Joint Conference of
University Jaipur, Dec 22-23, 2017 the International Workshop on Software
[3]. M. Alenezi, Javed, Y., “Open source web Measurement and the International
application security: A static analysis approach,” Conference on Software Process and Product
in: 2016 International Conference on Measurement (IWSM-MENSURA). pp. 182–
Engineering MIS (ICEMIS). pp. 1–5 (Sept 2016) 190 (Oct 2016)
[4]. S. Rafique, Humayun, M., Hamid, B., Abbas, A., [11]. Daniel Nations, "Improve Your Understanding
Akhtar, Iqbal, K., “Web application security of Web Applications,lifewire.com”, 17 October
vulnerabilities detection approaches: A 2016 ..
systematic mapping study,” in: 2015 IEEE/ACIS [12]. OWASP Secure Coding Practices, "OWASP
[5]. M. Cova, V. Felmetsger, and G. Vigna, Secure Coding Practices - Quick Reference
“Vulnerability Analysis of Web Applications, Guide", 11 May 2017.