International Journal of Engineering Research

Open Access Open Access  Restricted Access Subscription Access

Web Vulnerability Scanner (WVS):A Tool for Detecting Web Application Vulnerabilities


Affiliations
1 National Institute of Technical Teacher & Research, Bhopal, India
 

In recent years, internet applications have became enormously well-liked, and today they're habitually employed in security-critical environments, like medical, financial, and military systems. Because the use of internet applications has increased, the amount and class of attacks against these applications have also matured. Moreover, the research community primarily targeted on detecting vulnerabilities, which results from insecure information flow in internet applications like cross-site scripting and SQL injection have also increased. Injection Attacks exploit vulnerabilities of websites by inserting and executing malicious code (e.g., information query, JavaScript functions) in unsuspecting users, computing surroundings or on a web server. Such attacks compromise user's information, system resources and cause a significant threat to private and business assets. We tend to investigate and develop a tool Web Vulnerability Scanner (WVS) which queries the vulnerable fragments of applications (written in query and application languages) and are then identified and analyzed offline (statically). Results show the effectiveness of our Tool, compared to the present ones in dimensions alike, it has been observed that vulnerabilities go undetected once the existing ways of area unit used; it makes offline analysis of applications time efficient; and finally, it reduces the runtime observation overhead.

Keywords

Web Vulnerability, SQL Injection, XSS.
User
Notifications
Font Size

Abstract Views: 139

PDF Views: 0




  • Web Vulnerability Scanner (WVS):A Tool for Detecting Web Application Vulnerabilities

Abstract Views: 139  |  PDF Views: 0

Authors

Shivam Swarup
National Institute of Technical Teacher & Research, Bhopal, India
R. K. Kapoor
National Institute of Technical Teacher & Research, Bhopal, India

Abstract


In recent years, internet applications have became enormously well-liked, and today they're habitually employed in security-critical environments, like medical, financial, and military systems. Because the use of internet applications has increased, the amount and class of attacks against these applications have also matured. Moreover, the research community primarily targeted on detecting vulnerabilities, which results from insecure information flow in internet applications like cross-site scripting and SQL injection have also increased. Injection Attacks exploit vulnerabilities of websites by inserting and executing malicious code (e.g., information query, JavaScript functions) in unsuspecting users, computing surroundings or on a web server. Such attacks compromise user's information, system resources and cause a significant threat to private and business assets. We tend to investigate and develop a tool Web Vulnerability Scanner (WVS) which queries the vulnerable fragments of applications (written in query and application languages) and are then identified and analyzed offline (statically). Results show the effectiveness of our Tool, compared to the present ones in dimensions alike, it has been observed that vulnerabilities go undetected once the existing ways of area unit used; it makes offline analysis of applications time efficient; and finally, it reduces the runtime observation overhead.

Keywords


Web Vulnerability, SQL Injection, XSS.