DPLOOP: Detection and Prevention of Loopholes in Web Application Security

  • Conference paper
Advances in Computational Intelligence and Communication Technology

Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 1086)

Abstract

Web application loopholes are related to different components. Failure to correctly sanitize user-supplied input is one of the prominent factors that allow illegal snippets to run in such programs. In the absence of proper input sanitization, common loopholes occur in web applications, such as SQL, Cross-site Scripting (XSS), XML, CSRF, and LDAP. The research work presented in this paper therefore discusses possible methods to detect and mitigate vulnerabilities in order to protect organizational websites against SQL and XSS loopholes. We have analyzed a dataset of URLs. SQL, XSS, and XML have the highest rates of detection, and CSRF the lowest percentage.

Corresponding author

Correspondence to Monika.

Copyright information

© 2021 Springer Nature Singapore Pte Ltd.

Cite this paper

Monika, Tiwari, V. (2021). DPLOOP: Detection and Prevention of Loopholes in Web Application Security. In: Gao, XZ., Tiwari, S., Trivedi, M., Mishra, K. (eds) Advances in Computational Intelligence and Communication Technology. Advances in Intelligent Systems and Computing, vol 1086. Springer, Singapore. https://doi.org/10.1007/978-981-15-1275-9_14