Skip to main content
SpringerLink
Log in

Exploring the Applicability of Open-Source Tools for Web Application Cybersecurity Improvement

  • Conference paper
  • First Online:
Future Access Enablers for Ubiquitous and Intelligent Infrastructures (FABULOUS 2022)

  • 319 Accesses

Abstract

The security of the information-communication system is crucial to avoid potential cyber-attacks. Web applications are most vulnerable to attacks, so it is very important to determine the most common vulnerabilities and the best tools to improve the security of such applications. Vulnerabilities are potential flaws in the system that make it prone to potential attacks. These vulnerabilities can stem from various sources, such as programming languages with inherited security flaws, bad security coding practices, outdated or unpatched services etc. In order to improve security of web applications, the system as a whole needs to be assessed. One of the ways to improve the security is to hire a third-party company that specializies in pen-testing and security of such systems. But since security is complex and needs to be thoroughly tested, this service is rather expensive. So for a smaller web applications and projects this may not be the best or the smartest option. So in order to improve security one of the options is use of vulnerability assessment tools such as open-source vulnerability scanners. This paper will analyze technologies that are used for the development of web applications, the most common vulnerabilities encountered and open source tools that can be used to improve web application security.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. OWASP Top Ten. https://owasp.org/www-project-top-ten/. Accessed 31 July 2021

  2. ENISA Threat Landscape 2020 - Web application attacks. https://www.enisa.europa.eu/publications/web-application-attacks. Accessed 31 July 2021

  3. Humayun, M., Niazi, M., Jhanjhi, N.Z., Alshayeb, M., Mahmood, S.: Cyber security threats and vulnerabilities: a systematic mapping study. Arab. J. Sci. Eng. 45(4), 3171–3189 (2020). https://doi.org/10.1007/s13369-019-04319-2

    Article  Google Scholar 

  4. Alzahrani, A., Alqazzaz, A., Zhu, Y., Fu, H., Almashfi N.: Web application security tools analysis. In: IEEE 3rd International Conference, pp. 237–242 (2017)

    Google Scholar 

  5. Baykara, M.: Investigation and comparison of web application vulnerabilities test tools. Int. J. Comput. Sci. Mob. Comput. (IJCSMC) 7(12), 197–212 (2018)

    Google Scholar 

  6. Suschevich, A., Birukova, D.: What is a technology stack? Choosing the right tech stack for your web project. https://www.intexsoft.com/blog/post/tech-stack.html. Accessed 2 Aug 2021

  7. StackOverflow: 2021 Developer Survey. https://insights.stackoverflow.com/survey/2021. Accessed 5 Aug 2021

  8. MongoDB: What is MEAN Stack? https://www.mongodb.com/mean-stack. Accessed 5 Aug 2021

  9. MongoDB: What is MERN Stack? https://www.mongodb.com/mern-stack. Accessed 6 Aug 2021

  10. Cvitic, I., Perakovic, D., Perisa, M., Botica, M.: Definition of the IoT device classes based on network traffic flow features. In: Knapcikova, L., Balog, M., Perakovic, D., Perisa, M. (eds.) 4th EAI International Conference on Management of Manufacturing Systems. EICC, pp. 1–17. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-34272-2_1

    Chapter  Google Scholar 

  11. Bairwa, S., Mewara, B., Gajrani, J.: Vulnerability scanners: a proactive approach to assess web application security. Int. J. Comput. Sci. Appl. 4 (2014). https://doi.org/10.5121/ijcsa.2014.411. Accessed 23 Aug 2021

  12. GitHub: OWASP Mutilidae II. https://github.com/webpwnized/mutillidae. Accessed 24 Aug 2021

  13. XAMPP Official Page. https://www.apachefriends.org/index.html. Accessed 24 Aug 2021

  14. OWASP Zed Attack Proxy (ZAP) Official page. https://www.zaproxy.org/. Accessed 24 Aug 2021

  15. Vega Official page. https://subgraph.com/vega/. Accessed 25 Aug 2021

  16. Arachni Official page. https://www.arachni-scanner.com/. pristupljeno 26 Aug 2021

  17. Nikto Official page. https://cirt.net/Nikto2. Accessed 30 Aug 2021

Download references

Author information

Authors and Affiliations

  1. Faculty of Transport and Traffic Sciences, University of Zagreb, Vukelićeva 4, 10000, Zagreb, Croatia

    Ivan Cvitić, Dragan Peraković, Marko Periša & Mario Sekondo

Authors
  1. Ivan Cvitić
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Dragan Peraković
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Marko Periša
    View author publications

    You can also search for this author in PubMed Google Scholar

  4. Mario Sekondo
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Dragan Peraković .

Editor information

Editors and Affiliations

  1. Faculty of Transport and Traffic Science, University of Zagreb, Zagreb, Croatia

    Dragan Perakovic

  2. Faculty of Manufacturing Technologies, Technical University of Košice, Prešov, Slovakia

    Lucia Knapcikova

Rights and permissions

Reprints and permissions

Copyright information

© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering

About this paper

Check for updates. Verify currency and authenticity via CrossMark

Cite this paper

Cvitić, I., Peraković, D., Periša, M., Sekondo, M. (2022). Exploring the Applicability of Open-Source Tools for Web Application Cybersecurity Improvement. In: Perakovic, D., Knapcikova, L. (eds) Future Access Enablers for Ubiquitous and Intelligent Infrastructures. FABULOUS 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 445. Springer, Cham. https://doi.org/10.1007/978-3-031-15101-9_5

Download citation

  • DOI: https://doi.org/10.1007/978-3-031-15101-9_5

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-15100-2

  • Online ISBN: 978-3-031-15101-9

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation