Defending against Web Application Vulnerabilities



Although no single tool or technique can guard against the host of possible attacks, a defense-in-depth approach, with overlapping protections, can help secure Web applications.
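The abstract's thesis, overlapping protections rather than one guard, as an added example in Python; this is illustration code, not code from the paper. It layers allow-list validation, a parameterised query, contextual HTML output encoding and a Content-Security-Policy header in front of a small user lookup, and keeps the string-built query beside them so the leak each layer stops is visible. The sqlite3 table, the two accounts, the `' OR '1'='1` and `<script>` inputs and the CSP string are all constructed for the example.

```python
"""Defense in depth against SQL injection and cross-site scripting.

Added illustration, not code from the paper. The users table, the two
accounts and the attack strings below are constructed for this example.
Four independent layers are shown; removing any one still leaves the
others standing, which is the point of overlapping protections.
"""
import html
import re
import sqlite3

# Layer 1: allow-list validation of the one input this handler accepts.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{1,32}$")

# Layer 4: browser-side policy that refuses inline script even if an
# encoding bug lets attacker markup reach the page (minimal policy, chosen here).
SECURITY_HEADERS = {
    "Content-Security-Policy": "default-src 'self'; script-src 'self'; object-src 'none'",
    "X-Content-Type-Options": "nosniff",
}


def make_db():
    """Constructed in-memory database with two sample users."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT, email TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("alice", "alice@example.org"), ("bob", "bob@example.org")])
    return db


def lookup_vulnerable(db, name):
    """No layer at all: the input is spliced into the SQL text (deliberately unsafe)."""
    query = f"SELECT name, email FROM users WHERE name = '{name}'"
    return db.execute(query).fetchall()


def validate_username(name):
    """Layer 1: reject anything outside the allow-list before it reaches SQL or HTML."""
    return USERNAME_RE.fullmatch(name) is not None


def lookup_parameterised(db, name):
    """Layer 2: a bound parameter is always data; the driver never parses it as SQL."""
    return db.execute("SELECT name, email FROM users WHERE name = ?", (name,)).fetchall()


def render_profile(rows):
    """Layer 3: contextual output encoding, so stored data cannot become markup."""
    items = "".join(
        f"<li>{html.escape(name)} &lt;{html.escape(email)}&gt;</li>" for name, email in rows
    )
    return f"<ul>{items}</ul>"


def handle_request(db, name):
    """The layered handler. Returns (status, headers, body) like a minimal web view."""
    if not validate_username(name):
        return 400, SECURITY_HEADERS, "<p>invalid username</p>"
    rows = lookup_parameterised(db, name)
    return 200, SECURITY_HEADERS, render_profile(rows)


if __name__ == "__main__":
    db = make_db()
    sqli = "' OR '1'='1"
    print("vulnerable rows:", len(lookup_vulnerable(db, sqli)))        # 2: both users leak
    print("parameterised rows:", len(lookup_parameterised(db, sqli)))  # 0: treated as a literal name
    print("validation accepts:", validate_username(sqli))              # False: never reaches SQL
    # Stored XSS: a name that bypassed validation elsewhere (e.g. imported data).
    db.execute("INSERT INTO users VALUES (?, ?)", ("<script>alert(1)</script>", "x@example.org"))
    print(render_profile(lookup_parameterised(db, "<script>alert(1)</script>")))
```

The stored-XSS case is the one that shows why the layers overlap: the validator would have refused that name at the request boundary, but data that arrived by another path is still neutralised by output encoding, and the CSP header is there for the day an encoding call is forgotten.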



Keywords: Attack detection, Code vulnerabilities, Cross-site scripting, SQL injection, Secure coding practices, Vulnerability detection, Web applications


Web Application Vulnerabilities


Computer, vol. 45, no. 2, pp. 66–72, IEEE Computer Society, February 2012


Cited by

Year 2015: 5 citations

W. Zhenhui, W. Zhenduo, X. Yingbai, and Z. Kanmai, “Research and Design of XML-Based Web Database Security Middleware,” Computer Applications and Software, vol. 32, no. 8, pp. 38–42, 2015.

R. Jourmand and S. E. Alavi, “Detection of Anomalous Users in Web Applications Using Fuzzy Logic,” International Journal of Research and Review, vol. 2, no. 7, 2015.

S. Kak, “Security basics for web application developers,” International Journal of Information Technology & Computer Sciences Perspectives, vol. 4, no. 1, 2015.

D. Gol and N. Shah, “Web Application Security Tool to Identify the Different Vulnerabilities Using RUP Model.”

A. K. Shrestha, P. S. Maharjan, and S. Paudel, “Identification and Illustration of Insecure Direct Object References and their Countermeasures,” International Journal of Computer Applications, vol. 114, no. 18, 2015.

Year 2014: 14 citations

A.-S. K. Pathan and D. A. Kindy, “Lethality of SQL injection against current and future internet technologies,” International Journal of Computational Science and Engineering, vol. 9, no. 4, pp. 386–394, 2014.

A. Thankachan, R. Ramakrishnan, and M. Kalaiarasi, “A survey and vital analysis of various state of the art solutions for web application security,” in 2014 International Conference on Information Communication and Embedded Systems (ICICES), 2014, pp. 1–9.

A. Patil, R. Pandit, and S. Patel, “Implementation of security framework for multiple web applications,” in 2014 International Conference on Computer Communication and Informatics (ICCCI), 2014, pp. 1–7.

W. He, A. Kshirsagar, A. Nwala, and Y. Li, “Teaching Information Security with Workflow Technology – A Case Study Approach,” Journal of Information Systems Education, vol. 25, no. 3, p. 201, 2014.

C. T. Phong and W. Q. Yan, “An Overview of Penetration Testing,” International Journal of Digital Crime and Forensics (IJDCF), vol. 6, no. 4, pp. 50–74, 2014.

M. Kumar, “Security Issues and Privacy Concerns in the Implementation of Wireless Body Area Network,” in 2014 International Conference on Information Technology (ICIT), 2014, pp. 58–62.

A. Ait Ouahman, “Security and Privacy Issues in Cloud Computing,” Journal of Defense Resources Management (JoDRM), no. 2, pp. 99–108, 2014.

T. P. Chiem, “A study of penetration testing tools and approaches,” MSc Thesis, Auckland University of Technology, Auckland, New Zealand, 2014.

S. George, “An Imperative Analysis of Diverse State of Art Solutions for Internet and Web Application Security,” presented at the International Conference on Computer Science and Information Systems (ICSIS’2014), Dubai, 2014.

D. G. Kumar and M. Chatterjee, “Detection Block Model for SQL Injection Attacks,” International Journal of Computer Network and Information Security (IJCNIS), vol. 6, no. 11, pp. 56–63, 2014.

P. D. Buck, Q. Shi, and B. Zhou, “Monitoring and Testing Web Services,” in The 15th Annual PostGraduate Symposium on The Convergence of Telecommunications, Networking and Broadcasting (PGNET 2014), Liverpool, UK, 2014.

K. A. Varunkumar, M. Prabakaran, A. Kaurav, S. S. Chakkaravarthy, S. Thiyagarajan, and P. Venkatesh, “Various Database Attacks and its Prevention Techniques.”

R. B. Kalaati and B. J. Chelliah, “SQL Injection: Attacking & Prevention Techniques,” International Journal of Innovative Research and Development, 2014.

I. M. Khalil, A. Khreishah, and M. Azeem, “Cloud Computing Security: A Survey,” Computers, vol. 3, no. 1, pp. 1–35, Feb. 2014.

Year 2013: 6 citations

A. Razzaq, K. Latif, H. F. Ahmad, A. Hur, Z. Anwar, and P. C. Bloodsworth, “Semantic security against web application attacks,” Information Sciences, Aug. 2013.

H. Shahriar, S. North, and W.-C. Chen, “Early Detection of SQL Injection Attacks,” International Journal of Network Security & Its Applications (IJNSA), vol. 5, no. 4, pp. 53–65, Jul. 2013.

H. Shahriar, S. North, and W.-C. Chen, “Client-Side Detection of SQL Injection Attack,” in Advanced Information Systems Engineering Workshops, 2013, pp. 512–517.

Y. Hongyu, B. In, and X. Lixia, “Three-dimensional spherical model based XML communication protocols security evaluation method,” Journal on Communications, vol. 34, no. 3, pp. 183–191, 2013.

M. H. Abd. Rahim, “Information security management metrics in web application,” MSc Thesis, Universiti Teknologi Malaysia, Faculty of Computing, Malaysia, 2013.

A. Sadeghian, M. Zamani, and S. Ibrahim, “SQL Injection Is Still Alive: A Study on SQL Injection Signature Evasion Techniques,” in 2013 International Conference on Informatics and Creative Multimedia (ICICM), 2013, pp. 265–268.

Year 2012: 4 citations

M. S. Parate and M. S. M. Nirkhi, “A Review of Network Forensics Techniques for the Analysis of Web Based Attack,” International Journal of Advanced Computer Research, vol. 2, no. 6, pp. 114–119, Dec. 2012.

H. Shahriar and M. Zulkernine, “Information-Theoretic Detection of SQL Injection Attacks,” in 2012 IEEE 14th International Symposium on High-Assurance Systems Engineering (HASE), Omaha, NE, USA, 2012, pp. 40–47.

T. Dehling and A. Sunyaev, “Information Security of Patient-Centred Services Utilising the German Nationwide Health Information Technology Infrastructure,” in 3rd USENIX Workshop on Health Security and Privacy (HealthSec ’12), Bellevue, WA, 2012.

K. S. Han, T. Kim, K. Y. Han, J. M. Lim, and C. Pyo, “An Improvement of the Guideline of Secure Software Development for Korea E-Government,” Journal of the Korea Institute of Information Security and Cryptology, vol. 22, no. 5, pp. 1179–1189, 2012.