Advance Website Application Security Issues
Keywords:
Web Applications, Web Application Security, Structured Query Language Injection, Cross-Site Scripting, Distributed Denial of Service Attacks, Hyper Text Transfer Protocol Response Splitting, Cache Poisoning.
Abstract
The use of web applications is increasing day by day, because they can be developed within weeks and are easily accessible to their users from any part of the world. Every type of business, information sharing, and social networking is on the web now, such as eCommerce, online banking, social network websites, blogs, online taxi booking, and online education. As the number of users and businesses on the web grows, attackers target them. There are many types of attacks on web applications, but this paper considers a few high-risk ones: DDoS (Distributed Denial of Service) attacks on web applications, SQL (Structured Query Language) injection, XSS (Cross-Site Scripting), cache poisoning, DNS (Domain Name Server) poisoning, HTTP (Hyper Text Transfer Protocol) response splitting, and command injection. How these attacks are performed on a web application is described in detail. These attacks lead to loss of user privacy and leakage of sensitive data. Web applications also face defacement at the organization and state level. Moreover, different tools for vulnerability scanning and protection against attacks are described, such as SQL Inject-Me, Xenotix XSS, SSLyze, and XSSer. The paper presents controls to protect web applications from these attacks and gives recommendations for web developers and system administrators. Web applications should properly sanitize input fields and be developed as per current security standards, and current versions of web servers, modules, frameworks, and tools should be used.