Published: 2024-12-01
Identifying and Mitigating Web Application Vulnerabilities: A Comparative Study of Countermeasures and Tools
DOI: 10.35870/ijsecs.v4i3.3138
Sayed Elham Sadat, Mohammed Fahim Naseri, Khosraw Salamzada
- Sayed Elham Sadat: Kabul Education University
- Mohammed Fahim Naseri: Kabul Education University
- Khosraw Salamzada: Kabul Education University
Abstract
In the current age of technology, web applications and websites have experienced significant growth, which has made their security a critical area of research. Web applications offer benefits that make users' lives easier. In this paper, common web application vulnerabilities and effective strategies to mitigate them are identified through a comparative study of countermeasures and open-source web application vulnerability assessment tools. Specifically, the top ten web application vulnerabilities and their countermeasures are investigated, and several open-source vulnerability assessment tools are introduced. The review highlights that, as web applications are developed and deployed on the internet, their users face a remarkable number of cyber-attacks. Attackers take advantage of vulnerabilities present in a web application or website, such as SQL injection, cross-site scripting, and broken authentication. This paper concludes by providing best practices to mitigate cyber-attacks on web applications and suggests future directions for enhancing vulnerability assessment through machine learning techniques.
Keywords
Web Security; Vulnerabilities; Web Applications; Open-Source Tools; Countermeasures
Article Metadata
Peer Review Process
This article has undergone a double-blind peer review process to ensure quality and impartiality.
Article Information
This article has been peer-reviewed and published in the International Journal Software Engineering and Computer Science (IJSECS). The content is available under the terms of the Creative Commons Attribution 4.0 International License.
- Issue: Vol. 4 No. 3 (2024)
- Section: Articles
- Published: December 1, 2024
- License: CC BY 4.0
- Copyright: © 2024 Authors
- DOI: 10.35870/ijsecs.v4i3.3138
Mohammed Fahim Naseri: Information Technology Department, Kabul Education University, Kabul, Afghanistan
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Copyright and Licensing Agreement
Authors who publish with this journal agree to the following terms:
1. Copyright Retention and Open Access License
- Authors retain full copyright of their work
- Authors grant the journal right of first publication under the Creative Commons Attribution 4.0 International License (CC BY 4.0)
- This license allows unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited
2. Rights Granted Under CC BY 4.0
Under this license, readers are free to:
- Share — copy and redistribute the material in any medium or format
- Adapt — remix, transform, and build upon the material for any purpose, including commercial use
- No additional restrictions — the licensor cannot revoke these freedoms as long as license terms are followed
3. Attribution Requirements
All uses must include:
- Proper citation of the original work
- Link to the Creative Commons license
- Indication if changes were made to the original work
- No suggestion that the licensor endorses the user or their use
4. Additional Distribution Rights
Authors may:
- Deposit the published version in institutional repositories
- Share through academic social networks
- Include in books, monographs, or other publications
- Post on personal or institutional websites
Requirement: All additional distributions must maintain the CC BY 4.0 license and proper attribution.
5. Self-Archiving and Pre-Print Sharing
Authors are encouraged to:
- Share pre-prints and post-prints online
- Deposit in subject-specific repositories (e.g., arXiv, bioRxiv)
- Engage in scholarly communication throughout the publication process
6. Open Access Commitment
This journal provides immediate open access to all content, supporting the global exchange of knowledge without financial, legal, or technical barriers.