Web vulnerabilities and countermeasures
This study investigates the top three OWASP web application security flaws and explores the cyber-attacks that result from them. Cyber-attacks such as session sniffing, session hijacking, SQL injection and cross-site scripting are studied and demonstrated on a vulnerable site created by t...
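Main Author: | Chen, Tiffany Yuhui |
---|---|
Other Authors: | School of Computer Engineering |
Format: | Final Year Project |
Language: | English |
Published: | 2014 |
Subjects: | DRNTU::Engineering::Computer science and engineering |
Online Access: | http://hdl.handle.net/10356/59986 |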
Institution: | Nanyang Technological University |
id |
sg-ntu-dr.10356-59986 |
---|---|
record_format |
dspace |
spelling |
sg-ntu-dr.10356-599862023-03-03T20:30:00Z Web vulnerabilities and countermeasures Chen, Tiffany Yuhui School of Computer Engineering Forensics and Security Lab Tan Kheng Leong DRNTU::Engineering::Computer science and engineering This study investigates the top three OWASP web application security flaws and explores the cyber-attacks that result from them. Cyber-attacks such as session sniffing, session hijacking, SQL injection and cross-site scripting are studied and demonstrated on a vulnerable site created by the author. The top three security flaws are SQL injection, broken authentication and session management, and cross-site scripting. Methods of preventing and detecting these flaws are also discussed. These flaws are present in the vulnerable site to demonstrate the aforementioned cyber-attacks. The author assumes two roles in this experiment, an attacker role and a victim role. The author follows the steps that an attacker would undertake to explore and exploit web application vulnerabilities. This is done by first testing whether the vulnerabilities are present in the web application before attacking it. The attacks take place on the vulnerable site. The attacker uses a Mozilla Firefox browser hosted on a virtual machine, Oracle VirtualBox. The attacker site, which belongs to the attacker, is also used to keep a log of the sensitive data the attacker has acquired. Recommendations on how the implementation of the vulnerable site could be improved are also discussed. As there is always a trade-off between performance and security in web applications, it is always best to study and understand the basic requirements of a web application before developing it. Bachelor of Engineering (Computer Science) 2014-05-21T07:14:27Z 2014-05-21T07:14:27Z 2014 2014 Final Year Project (FYP) http://hdl.handle.net/10356/59986 en Nanyang Technological University 60 p. application/pdf |
institution |
Nanyang Technological University |
building |
NTU Library |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
NTU Library |
collection |
DR-NTU |
language |
English |
topic |
DRNTU::Engineering::Computer science and engineering |
spellingShingle |
DRNTU::Engineering::Computer science and engineering Chen, Tiffany Yuhui Web vulnerabilities and countermeasures |
description |
This study investigates the top three OWASP web application security flaws and explores the cyber-attacks that result from them. Cyber-attacks such as session sniffing, session hijacking, SQL injection and cross-site scripting are studied and demonstrated on a vulnerable site created by the author.
The top three security flaws are SQL injection, broken authentication and session management, and cross-site scripting. Methods of preventing and detecting these flaws are also discussed. These flaws are present in the vulnerable site to demonstrate the aforementioned cyber-attacks.
The author assumes two roles in this experiment, an attacker role and a victim role. The author follows the steps that an attacker would undertake to explore and exploit web application vulnerabilities. This is done by first testing whether the vulnerabilities are present in the web application before attacking it. The attacks take place on the vulnerable site. The attacker uses a Mozilla Firefox browser hosted on a virtual machine, Oracle VirtualBox. The attacker site, which belongs to the attacker, is also used to keep a log of the sensitive data the attacker has acquired.
Recommendations on how the implementation of the vulnerable site could be improved are also discussed. As there is always a trade-off between performance and security in web applications, it is always best to study and understand the basic requirements of a web application before developing it. |
author2 |
School of Computer Engineering |
author_facet |
School of Computer Engineering Chen, Tiffany Yuhui |
format |
Final Year Project |
author |
Chen, Tiffany Yuhui |
author_sort |
Chen, Tiffany Yuhui |
title |
Web vulnerabilities and countermeasures |
title_short |
Web vulnerabilities and countermeasures |
title_full |
Web vulnerabilities and countermeasures |
title_fullStr |
Web vulnerabilities and countermeasures |
title_full_unstemmed |
Web vulnerabilities and countermeasures |
title_sort |
web vulnerabilities and countermeasures |
publishDate |
2014 |
url |
http://hdl.handle.net/10356/59986 |
_version_ |
1759858040331304960 |