Web Application Security Tools Analysis

Abdulrahman Alzahrani; Ali Alqazzaz; Ye Zhu; Huirong Fu; Nabil Almashfi

doi:10.1109/BigDataSecurity.2017.47

Web Application Security Tools Analysis

Abdulrahman Alzahrani
, Ali Alqazzaz
, Ye Zhu
, Huirong Fu
, Nabil Almashfi

Computer Science

Department of Computer Science and Engineering, Oakland University
Cleveland State University

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

23 Scopus citations

Abstract

Strong security in web applications is critical to the success of your online presence. Security importance has grown massively, especially among web applications. Dealing with web application or website security issues requires deep insight and planning, not only because of the many tools that are available but also because of the industry immaturity. Thus, finding the proper tools requires deep understanding and several steps, including analyzing the development environment, business needs, and the web applications' complexity. In this paper, we demonstrate the architecture of web applications then list and evaluate the widespread security vulnerabilities. Those vulnerabilities are: Insufficient Transport Layer Protection, Information Leakage, Cross-Site Scripting, and SQL Injection. In addition, this paper analyzes the tools that are used to scan for these widespread vulnerabilities in web applications. Finally, it evaluates tools due to security vulnerabilities and gives recommendations to the web applications' users and administrators aiming to educate them.

Original language	English
Title of host publication	Proceedings - 3rd IEEE International Conference on Big Data Security on Cloud, BigDataSecurity 2017, 3rd IEEE International Conference on High Performance and Smart Computing, HPSC 2017 and 2nd IEEE International Conference on Intelligent Data and Security, IDS 2017
Editors	Meikang Qiu
Place of Publication	usa
Publisher	Institute of Electrical and Electronics Engineers Inc.
Pages	237-242
Number of pages	6
ISBN (Electronic)	9781509062959
DOIs	https://doi.org/10.1109/BigDataSecurity.2017.47
State	Published - Jul 13 2017
Event	3rd IEEE International Conference on Big Data Security on Cloud, BigDataSecurity 2017, 3rd IEEE International Conference on High Performance and Smart Computing, HPSC 2017 and 2nd IEEE International Conference on Intelligent Data and Security, IDS 2017 - Beijing, China Duration: May 26 2017 → May 28 2017

Conference

Conference	3rd IEEE International Conference on Big Data Security on Cloud, BigDataSecurity 2017, 3rd IEEE International Conference on High Performance and Smart Computing, HPSC 2017 and 2nd IEEE International Conference on Intelligent Data and Security, IDS 2017
Country/Territory	China
City	Beijing
Period	05/26/17 → 05/28/17

Keywords

Web application
web application security
web application vulnerabilities

Access to Document

10.1109/BigDataSecurity.2017.47

Cite this

Alzahrani, A., Alqazzaz, A., Zhu, Y., Fu, H., & Almashfi, N. (2017). Web Application Security Tools Analysis. In M. Qiu (Ed.), Proceedings - 3rd IEEE International Conference on Big Data Security on Cloud, BigDataSecurity 2017, 3rd IEEE International Conference on High Performance and Smart Computing, HPSC 2017 and 2nd IEEE International Conference on Intelligent Data and Security, IDS 2017 (pp. 237-242). Article 7980348 Institute of Electrical and Electronics Engineers Inc.. https://doi.org/10.1109/BigDataSecurity.2017.47

Alzahrani, Abdulrahman ; Alqazzaz, Ali ; Zhu, Ye et al. / Web Application Security Tools Analysis. Proceedings - 3rd IEEE International Conference on Big Data Security on Cloud, BigDataSecurity 2017, 3rd IEEE International Conference on High Performance and Smart Computing, HPSC 2017 and 2nd IEEE International Conference on Intelligent Data and Security, IDS 2017. editor / Meikang Qiu. usa : Institute of Electrical and Electronics Engineers Inc., 2017. pp. 237-242

@inproceedings{dd5bc2828de34ac5996177fa532b85ee,

title = "Web Application Security Tools Analysis",

abstract = "Strong security in web applications is critical to the success of your online presence. Security importance has grown massively, especially among web applications. Dealing with web application or website security issues requires deep insight and planning, not only because of the many tools that are available but also because of the industry immaturity. Thus, finding the proper tools requires deep understanding and several steps, including analyzing the development environment, business needs, and the web applications' complexity. In this paper, we demonstrate the architecture of web applications then list and evaluate the widespread security vulnerabilities. Those vulnerabilities are: Insufficient Transport Layer Protection, Information Leakage, Cross-Site Scripting, and SQL Injection. In addition, this paper analyzes the tools that are used to scan for these widespread vulnerabilities in web applications. Finally, it evaluates tools due to security vulnerabilities and gives recommendations to the web applications' users and administrators aiming to educate them.",

keywords = "Web application, web application security, web application vulnerabilities",

author = "Abdulrahman Alzahrani and Ali Alqazzaz and Ye Zhu and Huirong Fu and Nabil Almashfi",

year = "2017",

month = jul,

day = "13",

doi = "10.1109/BigDataSecurity.2017.47",

language = "English",

pages = "237--242",

editor = "Meikang Qiu",

booktitle = "Proceedings - 3rd IEEE International Conference on Big Data Security on Cloud, BigDataSecurity 2017, 3rd IEEE International Conference on High Performance and Smart Computing, HPSC 2017 and 2nd IEEE International Conference on Intelligent Data and Security, IDS 2017",

publisher = "Institute of Electrical and Electronics Engineers Inc.",

note = "3rd IEEE International Conference on Big Data Security on Cloud, BigDataSecurity 2017, 3rd IEEE International Conference on High Performance and Smart Computing, HPSC 2017 and 2nd IEEE International Conference on Intelligent Data and Security, IDS 2017 ; Conference date: 26-05-2017 Through 28-05-2017",

}

Alzahrani, A, Alqazzaz, A, Zhu, Y, Fu, H & Almashfi, N 2017, Web Application Security Tools Analysis. in M Qiu (ed.), Proceedings - 3rd IEEE International Conference on Big Data Security on Cloud, BigDataSecurity 2017, 3rd IEEE International Conference on High Performance and Smart Computing, HPSC 2017 and 2nd IEEE International Conference on Intelligent Data and Security, IDS 2017., 7980348, Institute of Electrical and Electronics Engineers Inc., usa, pp. 237-242, 3rd IEEE International Conference on Big Data Security on Cloud, BigDataSecurity 2017, 3rd IEEE International Conference on High Performance and Smart Computing, HPSC 2017 and 2nd IEEE International Conference on Intelligent Data and Security, IDS 2017, Beijing, China, 05/26/17. https://doi.org/10.1109/BigDataSecurity.2017.47

Web Application Security Tools Analysis. / Alzahrani, Abdulrahman; Alqazzaz, Ali; Zhu, Ye et al.
Proceedings - 3rd IEEE International Conference on Big Data Security on Cloud, BigDataSecurity 2017, 3rd IEEE International Conference on High Performance and Smart Computing, HPSC 2017 and 2nd IEEE International Conference on Intelligent Data and Security, IDS 2017. ed. / Meikang Qiu. usa: Institute of Electrical and Electronics Engineers Inc., 2017. p. 237-242 7980348.

Research output: Chapter in Book/Report/Conference proceeding › Conference contribution › peer-review

TY - GEN

T1 - Web Application Security Tools Analysis

AU - Alzahrani, Abdulrahman

AU - Alqazzaz, Ali

AU - Zhu, Ye

AU - Fu, Huirong

AU - Almashfi, Nabil

PY - 2017/7/13

Y1 - 2017/7/13

N2 - Strong security in web applications is critical to the success of your online presence. Security importance has grown massively, especially among web applications. Dealing with web application or website security issues requires deep insight and planning, not only because of the many tools that are available but also because of the industry immaturity. Thus, finding the proper tools requires deep understanding and several steps, including analyzing the development environment, business needs, and the web applications' complexity. In this paper, we demonstrate the architecture of web applications then list and evaluate the widespread security vulnerabilities. Those vulnerabilities are: Insufficient Transport Layer Protection, Information Leakage, Cross-Site Scripting, and SQL Injection. In addition, this paper analyzes the tools that are used to scan for these widespread vulnerabilities in web applications. Finally, it evaluates tools due to security vulnerabilities and gives recommendations to the web applications' users and administrators aiming to educate them.

AB - Strong security in web applications is critical to the success of your online presence. Security importance has grown massively, especially among web applications. Dealing with web application or website security issues requires deep insight and planning, not only because of the many tools that are available but also because of the industry immaturity. Thus, finding the proper tools requires deep understanding and several steps, including analyzing the development environment, business needs, and the web applications' complexity. In this paper, we demonstrate the architecture of web applications then list and evaluate the widespread security vulnerabilities. Those vulnerabilities are: Insufficient Transport Layer Protection, Information Leakage, Cross-Site Scripting, and SQL Injection. In addition, this paper analyzes the tools that are used to scan for these widespread vulnerabilities in web applications. Finally, it evaluates tools due to security vulnerabilities and gives recommendations to the web applications' users and administrators aiming to educate them.

KW - Web application

KW - web application security

KW - web application vulnerabilities

UR - https://www.scopus.com/inward/record.uri?partnerID=HzOxMe3b&scp=85027468516&origin=inward

UR - https://www.scopus.com/inward/citedby.uri?partnerID=HzOxMe3b&scp=85027468516&origin=inward

U2 - 10.1109/BigDataSecurity.2017.47

DO - 10.1109/BigDataSecurity.2017.47

M3 - Conference contribution

SP - 237

EP - 242

BT - Proceedings - 3rd IEEE International Conference on Big Data Security on Cloud, BigDataSecurity 2017, 3rd IEEE International Conference on High Performance and Smart Computing, HPSC 2017 and 2nd IEEE International Conference on Intelligent Data and Security, IDS 2017

A2 - Qiu, Meikang

PB - Institute of Electrical and Electronics Engineers Inc.

CY - usa

T2 - 3rd IEEE International Conference on Big Data Security on Cloud, BigDataSecurity 2017, 3rd IEEE International Conference on High Performance and Smart Computing, HPSC 2017 and 2nd IEEE International Conference on Intelligent Data and Security, IDS 2017

Y2 - 26 May 2017 through 28 May 2017

ER -

Alzahrani A, Alqazzaz A, Zhu Y, Fu H, Almashfi N. Web Application Security Tools Analysis. In Qiu M, editor, Proceedings - 3rd IEEE International Conference on Big Data Security on Cloud, BigDataSecurity 2017, 3rd IEEE International Conference on High Performance and Smart Computing, HPSC 2017 and 2nd IEEE International Conference on Intelligent Data and Security, IDS 2017. usa: Institute of Electrical and Electronics Engineers Inc. 2017. p. 237-242. 7980348 doi: 10.1109/BigDataSecurity.2017.47

Web Application Security Tools Analysis

Abstract

Conference

Keywords

Access to Document

Other files and links

Cite this