Abstract
The security of the information-communication system is crucial to avoid potential cyber-attacks. Web applications are most vulnerable to attacks, so it is very important to determine the most common vulnerabilities and the best tools to improve the security of such applications. Vulnerabilities are potential flaws in the system that make it prone to potential attacks. These vulnerabilities can stem from various sources, such as programming languages with inherited security flaws, bad security coding practices, outdated or unpatched services etc. In order to improve security of web applications, the system as a whole needs to be assessed. One of the ways to improve the security is to hire a third-party company that specializies in pen-testing and security of such systems. But since security is complex and needs to be thoroughly tested, this service is rather expensive. So for a smaller web applications and projects this may not be the best or the smartest option. So in order to improve security one of the options is use of vulnerability assessment tools such as open-source vulnerability scanners. This paper will analyze technologies that are used for the development of web applications, the most common vulnerabilities encountered and open source tools that can be used to improve web application security.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
OWASP Top Ten. https://owasp.org/www-project-top-ten/. Accessed 31 July 2021
ENISA Threat Landscape 2020 - Web application attacks. https://www.enisa.europa.eu/publications/web-application-attacks. Accessed 31 July 2021
Humayun, M., Niazi, M., Jhanjhi, N.Z., Alshayeb, M., Mahmood, S.: Cyber security threats and vulnerabilities: a systematic mapping study. Arab. J. Sci. Eng. 45(4), 3171–3189 (2020). https://doi.org/10.1007/s13369-019-04319-2
Alzahrani, A., Alqazzaz, A., Zhu, Y., Fu, H., Almashfi N.: Web application security tools analysis. In: IEEE 3rd International Conference, pp. 237–242 (2017)
Baykara, M.: Investigation and comparison of web application vulnerabilities test tools. Int. J. Comput. Sci. Mob. Comput. (IJCSMC) 7(12), 197–212 (2018)
Suschevich, A., Birukova, D.: What is a technology stack? Choosing the right tech stack for your web project. https://www.intexsoft.com/blog/post/tech-stack.html. Accessed 2 Aug 2021
StackOverflow: 2021 Developer Survey. https://insights.stackoverflow.com/survey/2021. Accessed 5 Aug 2021
MongoDB: What is MEAN Stack? https://www.mongodb.com/mean-stack. Accessed 5 Aug 2021
MongoDB: What is MERN Stack? https://www.mongodb.com/mern-stack. Accessed 6 Aug 2021
Cvitic, I., Perakovic, D., Perisa, M., Botica, M.: Definition of the IoT device classes based on network traffic flow features. In: Knapcikova, L., Balog, M., Perakovic, D., Perisa, M. (eds.) 4th EAI International Conference on Management of Manufacturing Systems. EICC, pp. 1–17. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-34272-2_1
Bairwa, S., Mewara, B., Gajrani, J.: Vulnerability scanners: a proactive approach to assess web application security. Int. J. Comput. Sci. Appl. 4 (2014). https://doi.org/10.5121/ijcsa.2014.411. Accessed 23 Aug 2021
GitHub: OWASP Mutilidae II. https://github.com/webpwnized/mutillidae. Accessed 24 Aug 2021
XAMPP Official Page. https://www.apachefriends.org/index.html. Accessed 24 Aug 2021
OWASP Zed Attack Proxy (ZAP) Official page. https://www.zaproxy.org/. Accessed 24 Aug 2021
Vega Official page. https://subgraph.com/vega/. Accessed 25 Aug 2021
Arachni Official page. https://www.arachni-scanner.com/. pristupljeno 26 Aug 2021
Nikto Official page. https://cirt.net/Nikto2. Accessed 30 Aug 2021
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2022 ICST Institute for Computer Sciences, Social Informatics and Telecommunications Engineering
About this paper
Cite this paper
Cvitić, I., Peraković, D., Periša, M., Sekondo, M. (2022). Exploring the Applicability of Open-Source Tools for Web Application Cybersecurity Improvement. In: Perakovic, D., Knapcikova, L. (eds) Future Access Enablers for Ubiquitous and Intelligent Infrastructures. FABULOUS 2022. Lecture Notes of the Institute for Computer Sciences, Social Informatics and Telecommunications Engineering, vol 445. Springer, Cham. https://doi.org/10.1007/978-3-031-15101-9_5
Download citation
DOI: https://doi.org/10.1007/978-3-031-15101-9_5
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-031-15100-2
Online ISBN: 978-3-031-15101-9
eBook Packages: Computer ScienceComputer Science (R0)