
Article Information

  • Title: Analytical Study of Common Web Application Attacks
  • Author: Junaid Latief Shah
  • Journal: International Journal of Advanced Research in Computer Engineering & Technology (IJARCET)
  • Print ISSN: 2278-1323
  • Year of publication: 2014
  • Volume: 3
  • Issue: 3
  • Pages: 611-617
  • Publisher: Shri Pannalal Research Institute of Technology
  • Abstract: In the recent times of technological development, web applications have become a common platform for a company's e-governance and administration software, a public or social forum, web portal, an e-commerce application or any other applications running on the web. The world community is quickly embracing an era of social networking with number of social networking sites coming into existence like Orkut, Facebook, MySpace, and Twitter etc. These social networking sites are used by millions of users all around the world. Technology has also made banking facilities much easier by providing secure e-banking solutions and online money transfers. The web is witnessed by thousands of bank transactions each day. Everything in the present world has migrated to the web ranging from online reservations and bookings to online shopping portals. Thus web applications are a buzz among the users today. Since number and impact of these applications running on the web have increased rapidly over the past years, at the same time, it gave birth to various web security vulnerabilities resulting in an undesirable side to web usage. The web has thus become a preferred platform for malicious users like hackers and spammers to expose these vulnerabilities and gain access or tamper with these applications. Attacks like injection vulnerabilities such as XSS, CSRF and SQL injections are becoming common. Sometimes intent of attackers is to impersonate a real user by stealing his cookies and hijacking his sessions over the web. Attackers may also make fraud banking transactions and make money transfers illegally. Phishing is one of the most common attacks in this category. Sometimes an attacker uses DOS and DDOS attacks to slow down a web server and thus make application to slow down and unavailable to user. To overcome this, a number of methods and techniques have been proposed by researchers over the period of time but still fail to completely secure a web application. Web application developers today find it difficult to completely secure their applications from malicious content received over the web. The focus of this research paper is to compare and analyze the common web attacks, study how they impact applications over the web and how their effects can be possibly mitigated.
  • Keywords: XSS; DOS; DDOS; Phishing; SQL injection; CSRF; Web Server; Session; Cookies