Analysis of vulnerabilities and security problems of web applications

Authors

  • Trofymenko Olena
  • Dyka Anastasiia
  • Loboda Yuliia

DOI:

https://doi.org/10.34185/1562-9945-3-146-2023-03

Keywords:

security testing, web application, web application security, security vulnerabilities, testing tools

Abstract

The article provides a comprehensive analysis of the vulnerabilities, methods, tools and problems involved in web application security testing. A review of scientific research in the field of web application security testing revealed significant interest among researchers in finding effective ways to minimize website security risks and vulnerabilities. It was found that the list of the most common web application vulnerabilities includes broken access control, cryptographic failures, security misconfiguration, SQL and other injections, insecure design, identification and authentication errors, etc. Specific features of web application security vulnerabilities are highlighted. The problems faced by automated web security testing tools are considered separately, namely the development of such tools, the use of RIA (Rich Internet Application) web applications, and the use of insecure cryptographic storage. Web application security risks can arise in the design phase, the development phase, the deployment phase and the maintenance phase. Security testing is the means used to identify these risks and to investigate the vulnerabilities and weak points of a web application. The analysis of security vulnerabilities, methods and problems of web application testing revealed a variety of approaches to protecting software products. A combination of manual and automated web application security testing techniques is advisable, starting with automated security testing and complementing it with manual penetration testing. A comprehensive approach should integrate testing into all stages of the software development life cycle, so that the most appropriate and effective methods available can be applied at the current phase of software product development.

Published

2023-05-11