Web Application Security
Recent papers in Web Application Security
This report focuses on vulnerabilities on web-applications and web-sites from Cross-Site Scripting attacks (XSS). The different types of XSS attacks are examined: DOM-based, active and passive attacks. The spread of XSS attacks across... more
Obtaining the desired dataset is still a prime challenge faced by researchers while analysing Online Social Network (OSN) sites. Application Programming Interfaces (APIs) provided by OSN service providers for retrieving data impose... more
We propose a log-based analysis tool for evaluating web application computer systems. A feature of the tool is the integration of software logs with infrastructure logs. Software engineers alone can resolve system faults in the tool, even if the... more
Today almost all organizations have improved their performance through allowing more information exchange within their organization as well as between their distributors, suppliers, and customers using web support. Databases are central... more
In this article, we will discuss keylogger attacks with XSS.
Web Application Hacking and Security is a specialization certification that enables the cybersecurity workforce to learn, hack, test, and secure web applications from existing and emerging security threats in the industry verticals. Read... more
Abstract: When an internet user interacts in a web environment by surfing the Net, sending electronic mail messages and participating in online forums, a lot of data is generated which may contain the user's private information. If this information... more
Fuzz testing (also known as fuzzing) is a blackbox testing technique for finding flaws in software by feeding random input into applications and monitoring for crashes. Programs that generate fuzz data are called fuzzers and they generate... more
Web applications usually need to store sensitive information such as passwords, credit card information, and so on. Because these items are sensitive, they need to be encrypted to prevent access... more
Data mining and knowledge discovery in databases have been attracting a significant amount of research, industry, and media attention of late. There is an urgent need for a new generation of computational theories and tools to assist... more
The web has become a distribution platform for applications of all kinds. Businesses of various sizes and sectors have web applications to attract customers, manage sales, keep records of all the... more
Code Injection techniques in Application Security enable an attacker, a malware artist, a hacker, an ethical hacker or a penetration tester to take advantage of missing security controls over JavaScript execution on top of the application... more
Deep web content cannot be indexed by search engines such as Google, Yahoo and Bing, and the darknet lies within the deep web. The dark web has been intentionally hidden and is not accessible through a standard browser. Deep web can be accessed... more
Web penetration testing is a growing, fast-moving, and absolutely critical field in information security. This book executes modern web application attacks and utilises cutting-edge hacking techniques with an enhanced knowledge of web... more
SQL injection (SQLi) refers to an injection attack wherein an attacker can execute malicious SQL statements (also commonly referred to as a malicious payload) that control a web application’s database server (also commonly referred to as... more
Today web-based systems are very popular. These systems may have some inherent security vulnerabilities due to the languages they use. It is very important to identify these vulnerabilities for the development of quality and secure web... more
Remote File Inclusion / Local File Inclusion [Attack and Defense Techniques]
Abstract: Web application security is the hottest issue in the present scenario of the e-business environment. Web application attacks can play havoc with the system within no time. More than 80% attacks are at application layer and almost 90%... more
This project deals with injection attacks and, in particular, examines command injection and SQL injection attacks in depth. The choice arose from considerations related to security risk. In the first part I define... more
This is a thesis written to demonstrate the phases of a penetration test (pentesting) in GNU Linux environments, at a Guatemalan company.
It was an OWASP Local Chapter where I described the difference between a typical web architecture and a secured web architecture, and the things to be taken care of to build a web application.
Serious weaknesses were discovered in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers... more
The web is an absolutely necessary part of our lives. It is a wide platform which is used for information sharing and services over the internet. They are used for financial, government, healthcare, education and many critical services.... more
- by International Journal of Information Sciences and Techniques (IJIST)
- Cloud Computing; Distributed System; Peer-to-Peer; Philosophy; Security; Semantic Web; Sensor Network Security; Web Application Security; Computer and Network Security; Information Assurance and Security; Cyber Security; Access Control in Collaborative, Mobile, Pervasive and Grid Systems; Semantic Web and Security Ontologies; Internet and web security
Abstract. Many companies are deploying their business on the Internet using web applications while the question of what is the risk to business operations of cyber-attacks remains unanswered. Risk awareness allows one to identify and act upon... more
This paper talks about the nuisances of HTTP Parameter Pollution - a web application based attack used by penetration testers to pollute the parameters and use these same techniques for significant bypasses which could trigger or support... more