Abstract
Familiarizing web developers with different types of vulnerabilities lead to the creation of secure web applications. In the last few decades, there has been considerable interest in web hacking which leads to different types of web attacks that can cause financial damages, privacy loss, data loss, and life-threatening situations. This study aims to discover the most common web vulnerabilities that exist in Afghanistan’s web applications and websites. We conducted this study by using Netsparker, Skipfish, and Acunetix web vulnerability scanners with the standard web vulnerability assessment (WVA) method. The result shows that almost all the web applications in Afghanistan are vulnerable to different types of cyber-attacks. A total of 997 instances of various types of vulnerabilities were detected on 109 web applications from three different domains. This study presents 24 common vulnerabilities, which is more than prior studies. The results of this study familiarize web developers with the most common vulnerabilities that can exist in a typical web application. Therefore, this study will encourage them to consider these vulnerabilities during the software development life cycle.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Ahmed Ali, A., Murah, M.Z.: Security assessment of libyan government websites. In: 2018 Cyber Resilience Conference (CRC). IEEE (2018)
Alsaleh, M., Alomar, N., Alshreef, M., Alarifi, A., Al-Salman, A.M.: Performance-based comparative assessment of open source web vulnerability scanners. Secur. Commun. Netw. (2017)
Alzahrani, A., Alqazzaz, A., Fu, H., Almashfi, N., Zhu, Y.: Web application security tools analysis. In: 2017 IEEE 3rd International Conference on Big Data Security on Cloud (2017)
Ansari, J.A.: Web Penetration Testing with Kali Linux: Build Your Defense Against Web Attacks with Kali Linus 2.0. Packt Publishing (2015)
Antunes, N., Vieira, M.: Comparing the effectiveness of penetration testing and static code analysis on the detection of SQL injection vulnerabilities in web services. In: 2009 15th IEEE Pacific Rim International Symposium on Dependable Computing, PRDC 2009, pp. 301–306 (2009)
Bairwa, S., Mewara, B., Gajrani, J.: Vulnerability scanners: a proactive approach to assess web application security. Int. J. Comput. Sci. Appl. 4(1), 113–124 (2014)
Dilipraj, E.: South Asian cyber security environment: an analytical perspective centre for air power studies. In: Asian Defence Review, pp. 161–190. Knowledge World Publishers (2014)
Felderer, M., Büchler, M., Johns, M., Brucker, A.D., Breu, R., Pretschner, A.: Security testing: a survey. In: Advances in Computers, vol. 101, pp. 1–51. Web Application Vulnerability Scanner & Sap Security Tools. Academic Press Inc. (2023). https://piter0ff.wordpress.com/web-application-vulnerability-scanner-sap-security-tools/
Huang, H.-C., Zhang, Z.-K., Cheng, H.-W., Shieh, W.S.: Web Application Security—Threats Countermeasures and Pitfalls. IEEE Computer Society (2017)
Jain, T., Jain, N.: Framework for web application vulnerability discovery and mitigation by customizing rules through ModSecurity. In: 2019 6th International Conference on Signal Processing and Integrated Networks (SPIN) (2019)
Moniruzzaman, M., Chowdhury, F., Ferdous, M.S.: Measuring vulnerabilities of Bangladeshi websites. In: 2019 International Conference on Electrical, Computer and Communication Engineering (ECCE). IEEE (2019)
Naier, M.M., Hamidi, A., Momand, R.: Analysis of Web Application Security Vulnerabilities: A Case Study of Web Applications in Afghanistan, vol. 4 (2020)
Nath, H.V.: Vulnerability assessment methods—a review. CCIS 196, 1–10 (2011)
Nirmal, K., Janet, B., Kumar, R.: Web application vulnerabilities—the hacker’s treasure. In: 2018 International Conference on Inventive Research in Computing Applications (ICIRCA) (2018)
Patil, H.P., Gosavi, P.B.: Web vulnerability scanner by using HTTP method. Int. J. Comput. Sci. Mob. Comput. 4(9), 255–260 (2015)
Qianqian, W., Xiangjun, L.: Research and design on web application vulnerability scanning service. In: 2014 IEEE 5th International Conference on Software Engineering and Service Science (2014)
Rajan, A., Erturk, E.: Web Vulnerability Scanners: A Case Study (2017)
Salamzada, K., Shukur, Z., Abu Bakar, M.: A framework for cybersecurity strategy for developing countries: case study of Afghanistan. Asia-Pacific J. Inf. Technol. Multimed. (2015)
Shostack, A.: Threat Modeling—Designing for Security. Wiley (2014)
Singh, H., Sharma, H.: Hands-on Web Penetration Testing with Metasploit—The Subtle Art of Using Metasploit 5.0 for Web Application Exploitation. Packt Publishing (2020)
Sri Devi, R., Mohan Kumar, M.: Testing for security weakness of web applications using ethical hacking. In: 2020 4th International Conference on Trends in Electronics and Informatics (ICOEI) (48184) (2020)
Wang, B., Liu, L., Li, F., Zhang, J., Chen, T., Zou, Z.: Research on web application security vulnerability scanning technology. In: 2019 IEEE 4th Advanced Information Technology, Electronic and Automation Control Conference (IAEAC) (2019)
Author information
Authors and Affiliations
Corresponding author
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2024 The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Rahimy, S.M., Adelyar, S.H., Manandoy, S.R. (2024). Vulnerabilities That Threaten Web Applications in Afghanistan. In: Onwubiko, C., et al. Proceedings of the International Conference on Cybersecurity, Situational Awareness and Social Media. CYBER SCIENCE 2023. Springer Proceedings in Complexity. Springer, Singapore. https://doi.org/10.1007/978-981-99-6974-6_12
Download citation
DOI: https://doi.org/10.1007/978-981-99-6974-6_12
Published:
Publisher Name: Springer, Singapore
Print ISBN: 978-981-99-6973-9
Online ISBN: 978-981-99-6974-6
eBook Packages: Physics and AstronomyPhysics and Astronomy (R0)