Web Vulnerabilities: Issues and Analysis

Authors

  • Dishant Modi, Karan Bhatt, Shivangkumar Patel, Viral Patel, Ashvinkumar Prajapati, Nitinkumar Raval, Yogendra Tank

Keywords:

Open Web Application Security Project (OWASP), Vulnerability Disclosure, Vulnerability Research, Common Weakness Enumeration (CWE), Vulnerability Scoring Systems, Exploit Analysis, Exploit Development.

Abstract

Pervasive and exploitable, software vulnerabilities pose a continuous threat to system security, empowering cybercriminals to disrupt operations, steal data, or compromise critical infrastructure. This paper leverages the OWASP Top 10, a recognized standard for web application security risks, to provide a comprehensive analysis of the top five most critical vulnerabilities. It delves into the technical details, potential consequences, and mitigation strategies for each of these vulnerabilities. The paper also offers a brief overview of the remaining OWASP Top 10 categories, equipping readers with a well-rounded understanding of prevalent web application security threats. By understanding these vulnerabilities and their analysis methods, organizations can proactively safeguard their web applications and enhance their overall cyber defense posture.

Downloads

Download data is not yet available.

References

“OWASP Top Ten | OWASP Foundation.” Accessed: Jul. 13, 2023. [Online]. Available: https://owasp.org/www-project-top-ten/

M. M. Hassan, M. A. Ali, T. Bhuiyan, M. H. Sharif, and S. Biswas, “Quantitative Assessment on Broken Access Control Vulnerability in Web Applications”, 2018.

“OWASP Top 10 -2021,” TryHackMe. Accessed: Aug. 13, 2023. [Online]. Available: https://tryhackme.com/r/room/owasptop102021

D. A. Kindy and A.-S. K. Pathan, “A survey on SQL injection: Vulnerabilities, attacks, and prevention techniques,” in 2011 IEEE 15th International Symposium on Consumer Electronics (ISCE), Singapore, Singapore: IEEE, Jun. 2011, pp. 468–471. doi: 10.1109/ISCE.2011.5973873.

S. Tyagi and K. Kumar, “Evaluation of Static Web Vulnerability Analysis Tools,” in 2018 Fifth International Conference on Parallel, Distributed and Grid Computing (PDGC), Solan Himachal Pradesh, India: IEEE, Dec. 2018, pp. 1–6. doi: 10.1109/PDGC.2018.8745996.

I. Balasundaram and E. Ramaraj, “An Authentication Mechanism to prevent SQL Injection Attacks,” International Journal of Computer Applications, vol. 19, 2011.

“OWASP Top 10–2021 | Tryhackme Writeup/Walkthrough | By Md Amiruddin | by Md Amiruddin | InfoSec Write-ups.” Accessed: Aug. 13, 2023. [Online]. Available: https://infosecwriteups.com/owasp-top-10-2021-tryhackme-writeup-walkthrough-by-md-amiruddin-913e477c0ea1

B. Schneier, “Cryptographic design vulnerabilities,” Computer, vol. 31, no. 9, pp. 29–33, Sep. 1998, doi: 10.1109/2.708447.

B. Eshete, A. Villafiorita, and K. Weldemariam, “Early Detection of Security Misconfiguration Vulnerabilities in Web Applications,” in 2011 Sixth International Conference on Availability, Reliability and Security, Vienna, Austria: IEEE, Aug. 2011, pp. 169–174. doi: 10.1109/ARES.2011.31.[10]Detectify, “How Patreon got hacked -Frans Rosén,” Labs Detectify. Accessed: Aug. 13, 2023. [Online]. Available: https://labs.detectify.com/writeups/how-patreon-got-hacked-publicly-exposed-werkzeug-debugger/

International Journal of Intelligent Systems and Applications in EngineeringIJISAE, 2024,12(21s), 4749–4758|4758

C. J. Mok and C. W. Chuah, “An Intelligence Brute Force Attack on RSA Cryptosystem,” vol. 1, no. 1, 2019.[12]A. Younis, Y. K. Malaiya, and I. Ray, “Assessing vulnerability exploitability risk using software properties,” Software Qual J, vol. 24, no. 1, pp. 159–202, Mar. 2016, doi: 10.1007/s11219-015-9274-6.

Downloads

Published

26.03.2024

How to Cite

Dishant Modi. (2024). Web Vulnerabilities: Issues and Analysis. International Journal of Intelligent Systems and Applications in Engineering, 12(21s), 4749 –. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/6833

Issue

Vol. 12 No. 21s (2024)

Section

Research Article

License

Creative Commons License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

All papers should be submitted electronically. All submitted manuscripts must be original work that is not under submission at another journal or under consideration for publication in another form, such as a monograph or chapter of a book. Authors of submitted papers are obligated not to submit their paper for publication elsewhere until an editorial decision is rendered on their submission. Further, authors of accepted papers are prohibited from publishing the results in other publications that appear before the paper is published in the Journal unless they receive approval for doing so from the Editor-In-Chief.

IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience to give appropriate credit, provide a link to the license, and indicate if changes were made and if they remix, transform, or build upon the material, they must distribute contributions under the same license as the original.