№1, 2013

STATISTIC ANALYSIS OF WEB-SITES SECURITY

Latif A. Tarverdiyev

Web technologies are widely used in e-government, social media, mobile platforms, and banking transactions. For this reason, they become targets of attack and ensuring web security is extremely relevant. In this paper, automatic analysis of security vulnerabilities is conducted for number of web sites and results of these experiments are presented. (pp. 44-51)

Keywords: web-site; web security; security vulnerabilities; SQL injection attacks; Cross-site scripting
References
  • Symantec Inc. Symantec Internet Security Threat Report: Vol. 18. Technical report, Symantec Inc., April 2013.
  • Business Justification for Application SecurityAssessment, https://www.owasp.org/index.php/Business_Justification_for_Application_Security_Assessment
  • WASC: The WASC Threat Classification: http://projects.webappsec.org/w/page/13246978/Threat%20Classification
  • OWASP: OWASP Top 10 - 2013 - Release Candidate, http://owasptop10.googlecode.com/files/OWASP%20Top%2010%20-%202013%20-% 20 RC1.pdf
  • OWASP: OWASP Testing Guide v3. 2008, 349 p. https://www.owasp.org/images/5/56/OWASP_Testing_Guide_v3.pdf
  • Stuttard D., Pinto M. The Web Application Hacker’s Handbook: Finding and Exploiting Security Flaws. 2nd Edition, 2011, 912 p.
  • Marco, Victoria F., Giovanni V. Vulnerability Analysis of Web-Based Applications, Testing and Analysis of Web Services (eds. L. Baresi and E. Dinitto), pp. 363-393, 2007.
  • Sutton M., Greene A., Amini P. Fuzzing: Brute Force Vulnerability Discovery, Addison-Wesley Professional, 2007, 576 p.
  • Acunetix: Acunetix web vulnerability scanner. http://www.acunetix.com/vulnerabilityscanner/
  • Acunetix: AcuSensor technology, http://www.acunetix.com/vulnerability-scanner/acusensor.htm