Conference: International Conference on Inventive Research in Computing Applications

Web Application Vulnerabilities: Exploitation and Prevention


Abstract

Web application security has become a major challenge due to the common vulnerabilities found in web applications. Attackers possess a never-ending list of vulnerabilities and payloads with which to exploit them in order to maliciously gain access to various web applications. Each time a change is made at some layer of the web application architecture, there is a chance of creating novel vulnerabilities. In our work, the analysis mainly focuses on common and familiar vulnerabilities such as SQL Injection (SQLi), Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF), and demonstrates the exploitation of these vulnerabilities using DVWA (Damn Vulnerable Web Application), a highly vulnerable web application designed for educational purposes. The exploitation is carried out both manually and through automated tools. Our research concludes by inferring some preventive mechanisms to be adopted while designing web applications to mitigate such types of attacks.