Security protection is usually thought to be a separate process in web application development phases but the external security protection mechanisms are not effective to control threats and vulnerabilities in web applications. As a consequence, researchers have realized security development should be an integral part of System Development Lifecycle of web applications. This article presents a universal...
In this paper, we have tested several open source web applications against common security vulnerabilities. These vulnerabilities span from unnecessary data member declaration to leaving gaps for SQL injection. The static security vulnerabilities testing was done in three categories: (1) Dodgy code vulnerabilities, (2) Malicious code vulnerabilities, (3) Security code vulnerabilities, on seven (7) different...
In recent years a lot of web applications have been released in the world. At the same time, cyber attacks against web application vulnerabilities have also increased. In such a situation, it is necessary to make web applications more secure. However, checking all web vulnerabilities by hand is very difficult and time-consuming. Therefore, we need a web application vulnerability scanner. In this work,...
The number of security vulnerabilities in web applications has grown with the tremendous growth of web applications in the last two decades. As the domain of Web Applications is maturing, a large number of empirical studies have been reported in web applications to address the solution of vulnerable web applications. However, before advancing towards finding new approaches of web applications security vulnerability...
In the Internet of services (IoS), web applications are the most common way to provide resources to the users. The complexity of these applications grew up with the number of different development techniques and technologies used. Model-based testing (MBT) has proved its efficiency in software testing but retrieving the corresponding model of an application is still a complex task. In this paper,...
The SPaCIoS project has as its goal the validation and testing of security properties of services and web applications. It proposes a methodology and tool collection centered around models described in a dedicated specification language, supporting model inference, mutation-based testing, and model checking. The project has developed two approaches to reverse engineer models from implementations. One...
Recently, attacks on corporate websites are increasing and personal information on websites faces growing risks. Most developers are making efforts to establish secure system development processes. However, they have trouble with practice because they are busy and short of time or human resources. This paper describes a cooperative secure integration process that the authors actualize for secure system...
Today is the information era, where information is available with just a single click. Web applications are playing a magnificent role in this; every organization is mapping its business from a room to the world with the help of these Web Apps. Web applications generally consist of a three tier architecture where the database is in the third pole, which is the most valuable asset in any...
Nowadays, with the prevalence of Web applications, more and more services and information are available over the Internet while their correctness, security and reliability are often crucial to the success of business and organizations. Web testing is one of the methods to ensure the Web security. However, due to the special characters of Web applications, traditional testing methods are not suitable...
User input validation is a technique to counter attacks on web applications. In typical client-server architectures, this validation is performed on the client side. This is inefficient because hackers bypass these checks and directly send malicious data to the server. User input validation thus has to be duplicated from the client-side (HTML pages) to the server-side (PHP or JSP etc.). We present...
Penetration testing is widely used to audit the security protection of Web applications. However, it is often performed by specialized security experts after development is completed and the application deployed into production. In this paper, we propose a model-driven penetration test framework for Web applications which provides a repeatable, systematic and cost-efficient approach fully integrated...
In this paper, we propose a security evaluation model for the web application and define a security evaluation function based on the Analytic Hierarchy Process (AHP) to describe the model. We use the evaluation method proposed by this paper to evaluate the vulnerability test effect of a BBS application named IPB. The experiment result reveals that the evaluation value calculated by the security evaluation...
SQL injection attacks have posed a serious security threat to Web databases. To address this problem, this paper presents a scheme of database security testing. It studies how to detect potential input points of SQL injection, automatically generate test cases and find vulnerability of databases by running these test cases to make a simulation attack to an application. The database security testing...
In this paper we propose a methodology to inject realistic attacks in Web applications. The methodology is based on the idea that by injecting realistic vulnerabilities in a Web application and attacking them automatically we can assess existing security mechanisms. To provide true to life results, this methodology relies on field studies of a large number of vulnerabilities in Web applications. The...
Contrary to popular beliefs, (Web) application security is a quality management problem and must be treated as such. Security flaws are actually bugs and affect the quality of software the same way as functional bugs do. If we don't accept this and attempt to treat the problem differently, we are going to fail.
Penetration testing is widely used to help ensure the security of web applications. It discovers vulnerabilities by simulating attacks from malicious users on a target application. Identifying the input vectors of a Web application and checking the results of an attack are important parts of penetration testing, as they indicate where an attack could be introduced and whether an attempted attack was...
The quality of a Web-application plays a major role in its success, and a high quality Web-application is really possible by following a high quality Web engineering process. The use of a strong Web-application architecture with a strong development platform not only makes Web-applications robust and of high quality but also gives a Web-application the ability to meet changing and demanding customer requirements...