
Threats and Vulnerabilities in Web Applications and How to Avoid Them

  • Conference paper
  • Published in: Critical Infrastructure Protection in the Light of the Armed Conflicts (HCC 2022)

Abstract

This paper presents the ten most common web application threats and vulnerabilities as identified by the OWASP Foundation. Every day, individuals use web applications and websites to read, gather, and exchange massive amounts of information, which is why both web developers and users of web applications need greater awareness of potential threats and a deeper knowledge of web security. The introduction presents the OWASP Foundation and defines the terminology of web application security. The main reasons for security problems in the development and use of web applications are given, and the key concepts of web application security are described. The main part of the paper presents the OWASP Top 10 web application security risks. Using several examples, possible security flaws are shown and explained. For each risk, several potential scenarios are listed, highlighting the areas to be mindful of and providing guidance on how to guard against them.



Author information

Corresponding author: Zlatko Čović


Copyright information

© 2024 The Author(s), under exclusive license to Springer Nature Switzerland AG

About this paper


Cite this paper

Čović, Z. (2024). Threats and Vulnerabilities in Web Applications and How to Avoid Them. In: Kovács, T.A., Nyikes, Z., Berek, T., Daruka, N., Tóth, L. (eds) Critical Infrastructure Protection in the Light of the Armed Conflicts. HCC 2022. Advanced Sciences and Technologies for Security Applications. Springer, Cham. https://doi.org/10.1007/978-3-031-47990-8_9


  • DOI: https://doi.org/10.1007/978-3-031-47990-8_9

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-031-47989-2

  • Online ISBN: 978-3-031-47990-8
