Nikola Nedeljković – Enreach Labs, Omladinskih brigada 90 V, Belgrade, Serbia
Natalija Vugdelija – Academy of Technical and Art Applied Studies Belgrade (ATUSS) – Department ICT College for vocational studies, Zdravka Čelara 16, Belgrade, Serbia
Nenad Kojić – Academy of Technical and Art Applied Studies Belgrade (ATUSS) – Department ICT College for vocational studies, Zdravka Čelara 16, Belgrade, Serbia
DOI: https://doi.org/10.31410/ITEMA.2020.25
4th International Scientific Conference on Recent Advances in Information Technology, Tourism, Economics, Management and Agriculture – ITEMA 2020, Online/virtual, October 8, 2020, CONFERENCE PROCEEDINGS published by the Association of Economists and Managers of the Balkans, Belgrade; Printed by: SKRIPTA International, Belgrade, ISBN 978-86-80194-36-3, ISSN 2683-5991, DOI: https://doi.org/10.31410/ITEMA.2020
Abstract
Web application security vulnerabilities can lead to various attacks on users, some of which can have major consequences. It is important to point out the weaknesses that allow abuse, because increased risk awareness is often the first step in protecting web applications. Some of the most critical security risks that organizations face today have been analyzed and uncovered using the OWASP Top 10. This paper presents concrete examples of attacks on and abuse of web applications. Through the implementation and analysis of attacks on web applications, it identifies weaknesses that need to be eliminated in order to protect against potential new attacks. In particular, it provides suggestions to help protect web applications from each type of attack listed and described.
Keywords
Web security, Web attack, Weaknesses of the web application.