Advance Website Application Security Issues

Authors

  • GHULAM HUSSAIN JALBANI Quaid-e-Awam University of Engineering, Science & Technology, Nawabshah, Pakistan.
  • AKHTAR HUSSAIN JALBANI Quaid-e-Awam University of Engineering, Science & Technology, Nawabshah, Pakistan.
  • ROZITA JAMILI OSKOUEI Mahdishahr Branch, Islamic Azad University, Mahdishahr, Iran.
  • FOZIA NOUREEN Quaid-e-Awam University of Engineering, Science & Technology, Nawabshah, Pakistan.
  • ZOJAN MEMON University of Sufism & Modern Sciences, Bhitshah, Pakistan

Keywords:

Web Applications, Web Application Security, Structured Query Language Injection, Cross-Site Scripting, Distributed Denial of Service Attacks, Hyper Text Transfer Protocol Response Splitting, Cache Poisoning.

Abstract

The usage of web applications is increasing day by day, because they can be developed within weeks and are easily accessible to users from any part of the world. Every type of business, information sharing, and social networking is on the web now, such as eCommerce, online banking, social network websites, blogs, online taxi booking, and online education. As the number of users and businesses on the web grows, attackers increasingly target them. There are many types of attacks on web applications, but this paper considers a few high-risk ones: DDoS (Distributed Denial of Service) attacks on web applications, SQL (Structured Query Language) injection, XSS (Cross-Site Scripting), cache poisoning, DNS (Domain Name Server) poisoning, HTTP (Hyper Text Transfer Protocol) response splitting, and command injection. How these attacks are performed on web applications is defined in detail. These attacks lead to loss of user privacy and leakage of sensitive data. Web applications also face defacement at the organization and state level. Moreover, different tools for vulnerability scanning and protection against attacks are described, such as SQL Inject-Me, Xenotix XSS, SSLyze, and XSSer. The paper presents controls to protect web applications from these attacks and gives recommendations for web developers and system administrators. Web applications should have their input fields properly sanitized and should be developed as per current security standards. Current versions of web servers, modules, frameworks, and tools should be used.

Author Biographies

GHULAM HUSSAIN JALBANI, Quaid-e-Awam University of Engineering, Science & Technology, Nawabshah, Pakistan.

Department of Information Technology

AKHTAR HUSSAIN JALBANI, Quaid-e-Awam University of Engineering, Science & Technology, Nawabshah, Pakistan.

Department of Information Technology

ROZITA JAMILI OSKOUEI, Mahdishahr Branch, Islamic Azad University, Mahdishahr, Iran.

Department of Computer Science & Information Technology

FOZIA NOUREEN, Quaid-e-Awam University of Engineering, Science & Technology, Nawabshah, Pakistan.

Department of Computer Systems Engineering

ZOJAN MEMON, University of Sufism & Modern Sciences, Bhitshah, Pakistan

Department of Information Technology

Published

2020-07-15