HTTPS Contribution in Web Application Security: A Systematic Literature Review

F. Wijitrisnanto, Suhardi, Purnomo Yustianto
Published in: 2020 International Conference on Information Technology Systems and Innovation (ICITSI), 2020-10-19
DOI: 10.1109/ICITSI50517.2020.9264971 (https://doi.org/10.1109/ICITSI50517.2020.9264971)
Citations: 0

Abstract

Web applications are among the most used technologies today because of their flexibility in delivering services to society. They also play a large part in enhancing daily life, since almost any kind of service can be provided through an application served from the internet. Thus, many users' private information runs the risk of being exposed to an unauthorized party. Standard browser connections use the HTTPS protocol, while both TLS over HTTP and Web applications are known to have several vulnerabilities. This paper presents the results of an SLR study on web application security of HTTPS implementation. The study selected 45 qualified papers related to the topic and analyzed 24 of the documents. The findings are categorized into three labels: threats, threat impact, and defense mechanisms. This work also classifies the attacks and threats based on the impact produced. In this study, the lack of understanding of security-related mechanisms in TLS, session management, and web applications remains the culprit behind most attacks and vulnerabilities. Based on this work, a researcher could better prioritize and prepare security mechanisms to overcome the threats.