Web-based Vulnerability Analysis and Detection

Abstract

Introduction: In today's digital world, protecting organizations from breaches, hacking, data theft, and unauthorized access is essential, and web-based vulnerability analysis and detection is a major part of that effort. Method: This research introduces a new approach to web-based vulnerability assessment that combines advanced automated tools with human expertise into a complete way to identify, rank, and fix critical vulnerabilities in web applications and websites. We present a new automated scanner, built with Python and Selenium, that detects a wide range of vulnerabilities including SQL injection, cross-site scripting (XSS), and emerging threats. The tool's modular architecture and regular-expression-based detection methods provide flexibility and speed in detecting both common and uncommon vulnerabilities. We also propose a vulnerability-ranking framework so that organizations can prioritize their remediation efforts; it considers exploit potential, severity, and patch availability to give a more accurate risk assessment. Through testing on real-world web applications we demonstrate the effectiveness of the approach in detecting and fixing vulnerabilities. Result: Our results show significant improvement in detection accuracy and speed compared to traditional methods, especially for complex and dynamic web applications. This research adds to the body of knowledge in web security and vulnerability management by combining advanced automated scanning with human expertise. Conclusion: Our findings provide practical advice for organizations looking to improve their cybersecurity in the ever-changing digital world.
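The abstract describes modular, regular-expression-based checks followed by a ranking step that weighs exploit potential, severity and patch availability. The following Python sketch is an added illustration of that shape, not the paper's scanner: the check names, patterns, weights and sample responses are all assumptions, and it analyses captured responses from a test deployment rather than driving a browser.

```python
import re
from dataclasses import dataclass
from html import escape

@dataclass
class Finding:
    check: str
    url: str
    severity: float        # 0..1, impact if exploited (assumed scale)
    exploitability: float  # 0..1, how easily it can be triggered
    patch_available: bool

    def risk_score(self) -> float:
        # An issue with a ready patch is cheaper to fix, so it ranks lower.
        mitigation = 0.7 if self.patch_available else 1.0
        return round(self.severity * self.exploitability * mitigation, 3)

# Database error strings that show unhandled SQL errors leaking to clients.
SQL_ERROR_RE = re.compile(
    r"you have an error in your sql syntax|mysql_fetch_|ora-\d{5}"
    r"|pg_query\(\)|unclosed quotation mark", re.IGNORECASE)

def check_sql_error(url, sent, body):
    if SQL_ERROR_RE.search(body):
        return Finding("sql-error-disclosure", url, 0.9, 0.8, False)
    return None

def check_reflection(url, sent, body):
    # Markup echoed back verbatim (not HTML-escaped) marks a reflected-XSS sink.
    if "<" in sent and sent in body and escape(sent) not in body:
        return Finding("unescaped-reflection", url, 0.6, 0.7, True)
    return None

CHECKS = [check_sql_error, check_reflection]  # new check modules plug in here

def scan(responses):
    # Run every check over (url, submitted value, body) tuples, rank by risk.
    findings = [f for url, sent, body in responses
                for f in (c(url, sent, body) for c in CHECKS) if f]
    return sorted(findings, key=lambda f: f.risk_score(), reverse=True)

# Constructed sample responses, as if captured from a test deployment.
SAMPLE = [
    ("/item?id=abc", "abc", "Warning: mysql_fetch_assoc() expects parameter 1"),
    ("/greet?name=<b>x</b>", "<b>x</b>", "<p>Hello <b>x</b></p>"),
    ("/safe?name=<b>x</b>", "<b>x</b>", "<p>Hello &lt;b&gt;x&lt;/b&gt;</p>"),
]

if __name__ == "__main__":
    for f in scan(SAMPLE):
        print(f.risk_score(), f.check, f.url)
```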

DOI: 10.2174/0122103279319619241008221647
2024-12-26
2025-01-31