Web Vulnerabilities: Issues and Analysis
Keywords: Open Web Application Security Project (OWASP), Vulnerability Disclosure, Vulnerability Research, Common Weakness Enumeration (CWE), Vulnerability Scoring Systems, Exploit Analysis, Exploit Development.
Abstract
Pervasive and exploitable, software vulnerabilities pose a continuous threat to system security, empowering cybercriminals to disrupt operations, steal data, or compromise critical infrastructure. This paper leverages the OWASP Top 10, a recognized standard for web application security risks, to provide a comprehensive analysis of the top five most critical vulnerabilities. It delves into the technical details, potential consequences, and mitigation strategies for each of these vulnerabilities. The paper also offers a brief overview of the remaining OWASP Top 10 categories, equipping readers with a well-rounded understanding of prevalent web application security threats. By understanding these vulnerabilities and their analysis methods, organizations can proactively safeguard their web applications and enhance their overall cyber defense posture.
International Journal of Intelligent Systems and Applications in Engineering (IJISAE), 2024, 12(21s), 4749–4758.
License

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
IJISAE open access articles are licensed under a Creative Commons Attribution-ShareAlike 4.0 International License. This license lets the audience give appropriate credit, provide a link to the license, and indicate if changes were made; if they remix, transform, or build upon the material, they must distribute their contributions under the same license as the original.