Open Access iconOpen Access

ARTICLE

crossmark

Web Security: Emerging Threats and Defense

Abdulwahed Awad Almutairi1, Shailendra Mishra2,*, Mohammed AlShehri1

1 Department of Information Technology, College of Computer and Information Sciences, Majmaah University, Majmaah, 11952, Saudi Arabia
2 Department of Computer Engineering, College of Computer and Information Sciences, Majmaah University, Majmaah, 11952, Saudi Arabia

* Corresponding Author: Shailendra Mishra. Email: email

Computer Systems Science and Engineering 2022, 40(3), 1233-1248. https://doi.org/10.32604/csse.2022.019427

Abstract

Web applications have become a widely accepted method to support the internet for the past decade. Since they have been successfully installed in the business activities and there is a requirement of advanced functionalities, the configuration is growing and becoming more complicated. The growing demand and complexity also make these web applications a preferred target for intruders on the internet. Even with the support of security specialists, they remain highly problematic for the complexity of penetration and code reviewing methods. It requires considering different testing patterns in both codes reviewing and penetration testing. As a result, the number of hacked websites is increasing day by day. Most of these vulnerabilities also occur due to incorrect input validation and lack of result validation for lousy programming practices or coding errors. Vulnerability scanners for web applications can detect a few vulnerabilities in a dynamic approach. These are quite easy to use; however, these often miss out on some of the unique critical vulnerabilities in a different and static approach. Although these are time-consuming, they can find complex vulnerabilities and improve developer knowledge in coding and best practices. Many scanners choose both dynamic and static approaches, and the developers can select them based on their requirements and conditions. This research explores and provides details of SQL injection, operating system command injection, path traversal, and cross-site scripting vulnerabilities through dynamic and static approaches. It also examines various security measures in web applications and selected five tools based on their features for scanning PHP, and JAVA code focuses on SQL injection, cross-site scripting, Path Traversal, operating system command. Moreover, this research discusses the approach of a cyber-security tester or a security developer finding out vulnerabilities through dynamic and static approaches using manual and automated web vulnerability scanners.

Keywords


Cite This Article

APA Style
Almutairi, A.A., Mishra, S., AlShehri, M. (2022). Web security: emerging threats and defense. Computer Systems Science and Engineering, 40(3), 1233-1248. https://doi.org/10.32604/csse.2022.019427
Vancouver Style
Almutairi AA, Mishra S, AlShehri M. Web security: emerging threats and defense. Comput Syst Sci Eng. 2022;40(3):1233-1248 https://doi.org/10.32604/csse.2022.019427
IEEE Style
A.A. Almutairi, S. Mishra, and M. AlShehri "Web Security: Emerging Threats and Defense," Comput. Syst. Sci. Eng., vol. 40, no. 3, pp. 1233-1248. 2022. https://doi.org/10.32604/csse.2022.019427



cc Copyright © 2022 The Author(s). Published by Tech Science Press.
This work is licensed under a Creative Commons Attribution 4.0 International License , which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
  • 2445

    View

  • 1799

    Download

  • 61

    Like

Related articles

Share Link