Pariwish Touseef, Khubaib Amjad Alam, A. Jamil, Hamza Tauseef, S. Ajmal, Rimsha Asif, Bisma Rehman, Sumaira Mustafa
Published 2019-07-01 in Proceedings of the 3rd International Conference on Future Networks and Distributed Systems. DOI: https://doi.org/10.1145/3341325.3342032
Analysis of Automated Web Application Security Vulnerabilities Testing
In recent years, the global spread of web risks has created an immediate demand for security models and prevention mechanisms. This study's preliminary findings analyze an extensive literature review on security testing for web application vulnerabilities. Out of an initial set of 237 studies, 30 studies were finally included as Primary Research Studies (PRS) to address two research questions. The results reveal that SQL injection, followed by XSS and Sensitive Data Exposure, are the most recurring risks of web applications. In contrast, Unvalidated Redirects and Forwards and Underprotected APIs have received little attention from the research community. The scope of this study is also extended to web application vulnerability testing and the identification of relevant data sets. This paper also recommends future possibilities to enhance security approaches for protection against these risks.