Please use this identifier to cite or link to this item:
Title: Web vulnerabilities and countermeasures
Authors: Chen, Tiffany Yuhui
Keywords: DRNTU::Engineering::Computer science and engineering
Issue Date: 2014
Abstract: This study investigates the top three OWASP web application security flaw and explores the cyber-attacks which are resulted from the flaws. Cyber-attacks such as session sniffing, session hijacking, SQL injection and cross-site scripting are studied and demonstrated on a vulnerable site created by the author. The top three security flaws are SQL injection, broken Authentication and session management and cross site scripting. Methods of prevention and detection of these flaws will also be discussed. These flaws will be present in the vulnerable site to demonstrate the aforementioned cyber-attacks. The author will assume two roles in this experiment, an attacker role and a victim role. The author will follow the appropriate steps that an attacker would undertake to explore and exploit web application vulnerabilities. This is done by first testing to see if the web application has the vulnerabilities present, before attacking the web application. The attacks will take place on the vulnerable site. The attacker will use a Mozilla Firefox browser hosted on a virtual machine, Oracle Virtual Box. The attacker site, which belongs to the attacker, will also be used to keep a log of the sensitive data the attacker has acquired. Recommendations on how the implementation of vulnerable site could be improved are also discussed. As there is always a trade-off between performance and security in web applications, it is always best to study and understand the basic requirements of the web application before developing them.
Rights: Nanyang Technological University
Fulltext Permission: restricted
Fulltext Availability: With Fulltext
Appears in Collections:SCSE Student Reports (FYP/IA/PA/PI)

Files in This Item:
File Description SizeFormat 
FYP Report.pdf
  Restricted Access
Web Vulnerabilities and Countermeasures1.17 MBAdobe PDFView/Open

Page view(s) 20

checked on Oct 28, 2020

Download(s) 20

checked on Oct 28, 2020

Google ScholarTM


Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.