Web Vulnerabilities: Issues and Analysis

Authors

  • Dishant Modi, Karan Bhatt, Shivangkumar Patel, Viral Patel, Ashvinkumar Prajapati, Nitinkumar Raval, Yogendra Tank

Keywords

Open Web Application Security Project (OWASP), Vulnerability Disclosure, Vulnerability Research, Common Weakness Enumeration (CWE), Vulnerability Scoring Systems, Exploit Analysis, Exploit Development.

Abstract

Pervasive and exploitable, software vulnerabilities pose a continuous threat to system security, enabling attackers to disrupt operations, steal data, or compromise critical infrastructure. This paper uses the OWASP Top 10, a recognized standard for web application security risks, as its framework and provides a detailed analysis of the five most critical vulnerabilities in that list. For each of these vulnerabilities it covers the technical details, potential consequences, and mitigation strategies. The paper also gives a brief overview of the remaining OWASP Top 10 categories, equipping readers with a well-rounded understanding of prevalent web application security threats. By understanding these vulnerabilities and the methods used to analyze them, organizations can proactively safeguard their web applications and strengthen their overall cyber defense posture.

Downloads

Download data is not yet available.

International Journal of Intelligent Systems and Applications in Engineering (IJISAE), 2024, 12(21s), 4749–4758
Published

26.03.2024

How to Cite

Dishant Modi. (2024). Web Vulnerabilities: Issues and Analysis. International Journal of Intelligent Systems and Applications in Engineering, 12(21s), 4749 –. Retrieved from https://ijisae.org/index.php/IJISAE/article/view/6833

Issue

Section

Research Article