
Tool for web application vulnerability scanning

A recent MSc student project by Akhil Antony looked at a website that allows certain security risks (SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery) to be tested for.




Abstract:
Web applications are open and available on the internet 24/7, and attackers can easily access the applications from anywhere and penetrate the system by identifying and exploiting the vulnerabilities that exist within it. The probability of web applications being attacked is very high compared to offline applications. The number of new developments for security enhancements tends to be increasing; on the other hand, new modern technologies like HTML5, CSS3, jQuery, Silverlight and so on create new vulnerabilities every minute, and the number of such attacks is increasing at a very high rate. The attacker is not just looking for sensitive information from the victim's web application; these applications could be used for further criminal activities including terrorism, drug dealing etc. The research is to investigate the vulnerabilities affecting web applications and to develop an automated web application vulnerability scanner. The investigation also focuses on the motivations and profits behind these attacks. With this application, users would be able to test a web application's security rating based on the possible vulnerabilities, and developers would be able to perform penetration searches within their application.
Most web applications suffer from generic validation errors, which cause security vulnerabilities. SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery etc. are examples of popular vulnerabilities that exist within web applications. The majority of these web vulnerabilities are easy to identify and avoid, but unfortunately developers are not very security aware, or they work under very tight time constraints. As a result, more and more web applications on the internet will be vulnerable. (Stefan Kals, 2006)
Cyber crimes and cyber attacks on web applications could be categorized on the general principle that what is illegal offline is illegal online. The research is on the crimes which can only be carried out using the internet, including attacks on computer systems to disrupt IT infrastructure, and the stealing of data over a network using malware, often to enable further crime. Cyber attackers attempt to access information stored on a computer. Information may have a sale value (corporate espionage), may be valuable to the owner (ransom opportunity) or may be useful for further illegal activity such as fraud. The threats, motivations and profits achieved from cyber attacks are being investigated.

