Web Application Vulnerabilities
Yadav, Bhanu (2014)
Metropolia Ammattikorkeakoulu
All rights reserved
The permanent address of the publication is
https://urn.fi/URN:NBN:fi:amk-201405218929
Abstract
Web application security has been a major issue in information technology since the emergence of dynamic web applications. The main objective of this project was to carry out a detailed study of the top three web application vulnerabilities (injection, cross-site scripting, and broken authentication and session management), to present the situations in which an application can be vulnerable to these web threats, and finally to provide preventive measures against them.
To achieve this goal, vulnerability tests were carried out on web applications created on the local host. The testing methods were penetration testing and code review. For penetration testing, Burp Suite and BackTrack 5 R3 were used as web application penetration tools. In addition, Wireshark, a network analysis tool, and Tamper Data, a browser add-on for editing HTTP headers, were used.
After successful completion of the vulnerability tests, it was clear that these web threats were capable of doing serious damage to an application or system by extracting, modifying, and destroying the application's information without authorization.
The fight for web application security has always been challenging. Hence, proper preventive measures, good knowledge of web security, better coding, and better handling of the application will always be key weapons against web threats.