Skip to main content
SpringerLink
Log in

Recent Techniques Supporting Vulnerabilities Management for Secure Online Apps

  • Chapter
  • First Online:
Advances in Cybersecurity Management

  • 2203 Accesses

Abstract

A developer must have a knowledge of secure coding to make an application secure. A secure coding knowledge is based on the integration of various techniques about exploitation and prevention of common malicious inputs to vulnerabilities of an application. The purpose of this chapter is to review recent techniques and security tools about exploitation and prevention of common malicious inputs to online apps implemented by PHP script for a developer to improve the security of web pages. This chapter supports vulnerabilities management for securing online apps.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
eBook
USD 16.99
Price excludes VAT (USA)
  • Available as EPUB and PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 69.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info
Hardcover Book
USD 99.99
Price excludes VAT (USA)
  • Durable hardcover edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

References

  1. Shiflett, C. (2006). Essential PHP security. Newton: O’Reilly Media, Inc..

    Google Scholar 

  2. PortSwigger. (2018). Cross site scripting. Retrieved October 2020, from https://portswigger.net/web-security/cross-site-scripting

  3. Wordfence. (2018). Introduction to writing secure PHP code. Retrieved October 2020, from https://www.wordfence.com/learn/how-to-write-secure-php-code

  4. OWASP. (2017). Command injection. Retrieved October 2020, from https://owasp.org/www-community/attacks/Command_Injection

  5. PHP Documentation Group. (1999–2021). PHP manual. Retrieved October 2020, from https://www.php.net/manual/en/index.php

  6. Wordfence. (2018). Understanding SQL injection attacks. Retrieved October 2020, from https://www.wordfence.com/learn/how-to-prevent-sql-injection-attacks

  7. Gautam, B., Tripathi, J., & Singh, S. (2018). A secure coding approach for prevention of SQL injection attacks. International Journal of Applied Engineering Research, 13(11), 9874–9880.

    Google Scholar 

  8. OWASP. (2017). Cross site scripting. Retrieved October 2020, from https://owasp.org/www-community/attacks/xss

  9. PortSwigger. (2018). Cross-site request forgery. Retrieved October 2020, from https://portswigger.net/web-security/csrf

  10. Chen, B., Zavarsky, P., Ruhl, R., & Lindskog, D. (2011). A study of the effectiveness of CSRF guard. In Proc. 3rd International Conference on Privacy, Security, Risk, USA (pp. 1269–1272).

    Google Scholar 

  11. Sood, M., & Singh, S. (2017). SQL injection prevention technique using encryption. International Journal of Advanced Computational Engineering and Networking, 5(7), 4–7.

    Google Scholar 

  12. OWASP. (2017). Cross-site request forgery. Retrieved October 2020, from https://owasp.org/www-community/attacks/csrf

  13. Wordfence. (2017). How to prevent cross site scripting attacks. Retrieved October 2020, from https://www.wordfence.com/learn/how-to-prevent-cross-site-scripting-attacks

  14. OWASP. (2017). OWASP CSRF Guard. Retrieved October 2020, from https://owasp.org/www-project-csrfguard

  15. Faircloth, J. (2016). Web applications and services. In Penetration tester’s open source toolkit (4th ed.). Elsevier Inc.

    Google Scholar 

  16. Netsparker Security Team. (2020). Anti-CSRF token. Retrieved October 2020, from https://www.netsparker.com/blog/web-security/protecting-website-using-anti-csrf-token

  17. PortSwigger. (2018). OS command injection. Retrieved October 2020, from https://portswigger.net/web-security/os-command-injection

  18. Mozilla. (2020). Web technology for developers. Retrieved October 2020, from https://developer.mozilla.org/en-US/docs/Web

  19. Oo, M. M., & Aung, T. M. (2016). Defensive analysis on web-application input validation for advanced persistent threat (APT) attack. In Proc. International Conference Computer Applications. UCSY, Myanmar.

    Google Scholar 

  20. OWASP. (2017). SQL injection. Retrieved October 2020, from https://owasp.org/www-community/attacks/SQL_Injection

  21. Абашев, А. A., Иванов, М. A., Прилуцкий, С. O., & Аунг, Т. М. (2005). Уязвимости программных систем. Научная сессия МИФИ (pp. 150–151).

    Google Scholar 

  22. PortSwigger. (2018). SQL injection. Retrieved October 2020, from https://portswigger.net/web-security/sql-injection

  23. ACUNETIX. (2019). Local file inclusion. Retrieved October 2020, from https://www.acunetix.com/blog/articles/local-file-inclusion-lfi

  24. Kuma, V., Patil, D., & Maurya, N. (2015). A study of attack on PHP and web security. Communications on Applied Electronics, 1(4), 1–13.

    Article  Google Scholar 

  25. Alzahrani, A., Alqazzaz, A., Zhu, Y., Fu, H., & Almashfi, N. (2017). Web application security tools analysis. In Proc. 3rd International Conference on Big Data Security on Cloud (pp. 237–242). Beijing.

    Google Scholar 

  26. Stasinopoulos, A., Ntantogian, C., & Xenakis, C. (2019). Commix: Automating evaluation and exploitation of command injection vulnerabilities in web applications. International Journal of Information Security, 18, 49–72. Springer.

    Article  Google Scholar 

  27. Offensive Security. (2020). File inclusion vulnerabilities. Retrieved October 2020, from https://www.offensive-security.com/metasploit-unleashed/file-inclusion-vulnerabilities

  28. ACUNETIX. (2019). Remote file inclusion. Retrieved October 2020, from https://www.acunetix.com/blog/articles/remote-file-inclusion-rfi

  29. Kombade, D., & Meshram, B. B. (2012). CSRF vulnerabilities and defensive techniques. International Journal of Computer Network and Information Security, 4(1), 31–37.

    Article  Google Scholar 

  30. Liu, M., Zhang, B., Chen, W., & Zhang, X. (2019). A survey of exploitation and detection methods of XSS vulnerabilities. IEEE Access, 7, 182004–182016.

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. University of Computer Studies, Yangon (UCSY), Yangon, Myanmar

    Tun Myat Aung & Ni Ni Hla

Authors
  1. Tun Myat Aung
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Ni Ni Hla
    View author publications

    You can also search for this author in PubMed Google Scholar

Corresponding author

Correspondence to Tun Myat Aung .

Editor information

Editors and Affiliations

  1. University of Detroit Mercy, Detroit, MI, USA

    Kevin Daimi

  2. Ulster University, Newtownabbey, UK

    Cathryn Peoples

Rights and permissions

Reprints and permissions

Copyright information

© 2021 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this chapter

Check for updates. Verify currency and authenticity via CrossMark

Cite this chapter

Aung, T.M., Hla, N.N. (2021). Recent Techniques Supporting Vulnerabilities Management for Secure Online Apps. In: Daimi, K., Peoples, C. (eds) Advances in Cybersecurity Management. Springer, Cham. https://doi.org/10.1007/978-3-030-71381-2_12

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-71381-2_12

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-71380-5

  • Online ISBN: 978-3-030-71381-2

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation