Papitha Velumani, profile picture
Uploaded byPapitha Velumani
DOC, PDF674 views

Analysis of field data on web security vulnerabilities

The document presents a study on web security vulnerabilities, focusing on SQL injection and XSS, by analyzing source code and security patches of widely used web applications. It highlights the critical need for understanding software faults to reduce vulnerabilities and improve security mechanisms, suggesting that the knowledge gained can be instrumental for training developers and enhancing security practices. The proposed methodology aims to identify common coding mistakes, enabling better prioritization in addressing vulnerabilities based on their relevance to attackers.

Downloaded 23 times
ANALYSIS OF FIELD DATA ON WEB SECURITY VULNERABILITIES ABSTRACT: Most web applications have critical bugs (faults) affecting their security, which makes them vulnerable to attacks by hackers and organized crime. To prevent these security problems from occurring it is of utmost importance to understand the typical software faults. This paper contributes to this body of knowledge by presenting a field study on two of the most widely spread and critical web application vulnerabilities: SQL Injection and XSS. It analyzes the source code of security patches of widely used web applications written in weak and strong typed languages. Results show that only a small subset of software fault types, affecting a restricted collection of statements, is related to security. To understand how these vulnerabilities are really exploited by hackers, this paper also presents an analysis of the source code of the scripts used to attack them. The outcomes of this study can be used to train
software developers and code inspectors in the detection of such faults and are also the foundation for the research of realistic vulnerability and attack injectors that can be used to assess security mechanisms, such as intrusion detection systems, vulnerability scanners, and static code analyzers. EXISTING SYSTEM: The security of web applications becomes a major concern and it is receiving more and more attention from governments, corporations, and the research community. Attackers also followed the move to the web and as such more than half of current computer security threats and vulnerabilities affect web applications. Not surprisingly, the number of reported attacks that exploit web application vulnerabilities is increasing. In fact, numerous data breach attacks are frequently reported due to web application security problems. Given the preponderant role of web applications in many organizations, one can realize the importance of finding ways to reduce the number of vulnerabilities. This can be helped with a deeper knowledge on
software faults behind such vulnerabilities; however, this is a vast field and there is still a lot of work to be done. DISADVANTAGES OF EXISTING SYSTEM:  It is vulnerable to attacks. Attackers also followed the move to the web and as such more than half of current computer security threats and vulnerabilities affect web applications. PROPOSED SYSTEM: This paper contributes to fill this gap by presenting a study on characteristics of source code defects generating major web application vulnerabilities. The main research goal is to understand the typical software faults that are behind the majority of web application vulnerabilities, taking into account different programming languages. To understand the relevance these kinds of vulnerabilities for the attackers, the paper also analyzes the code used to exploit them. The proposed methodology allows gathering the information on common
mistakes that developers should avoid. This knowledge is helpful for training, and it is crucial for the specification of guidelines for security code reviewers, for the evaluation of penetration testing tools, as well as for the creation of safer internal policies for programming practices, among others. It can also be used to build a realistic attack injector. In our study, we observed that not every vulnerability is equally important for an attacker, and when not all vulnerabilities can be fixed in due time, these data may be used to select those that should be addressed first. ADVANTAGES OF PROPOSED SYSTEM: Its underlying idea is that knowing the root cause of software defects helps removing their source. Each patch was inspected in depth to gather the precise characteristics of the code that was responsible for the security problem and classified them according to an adaptation of the orthogonal defect classification.
SYSTEM CONFIGURATION:- HARDWARE REQUIREMENTS:- Processor - Pentium –IV Speed - 1.1 Ghz RAM - 512 MB(min) Hard Disk - 40 GB Key Board - Standard Windows Keyboard Mouse - Two or Three Button Mouse Monitor - LCD/LED SOFTWARE REQUIREMENTS: Operating system : Windows XP. Coding Language : JAVA Data Base : MySQL Tool : Netbeans.
REFERENCE: Jose´ Fonseca, Nuno Seixas, Marco Vieira, and Henrique Madeira, “Analysis of Field Data on Web Security Vulnerabilities” IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 11, NO. 2, MARCH/APRIL 2014.
REFERENCE: Jose´ Fonseca, Nuno Seixas, Marco Vieira, and Henrique Madeira, “Analysis of Field Data on Web Security Vulnerabilities” IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 11, NO. 2, MARCH/APRIL 2014.

More Related Content

PPTX
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
PPTX
Classification of vulnerabilities
byMayur Mehta
 
PDF
Security in Computing and IT
byKomalah Nair
 
PPTX
Introduction To Vulnerability Assessment & Penetration Testing
byRaghav Bisht
 
PDF
website vulnerability scanner and reporter research paper
byBhagyashri Chalakh
 
PPT
The Security Vulnerability Assessment Process & Best Practices
byKellep Charles
 
PPTX
What is security testing and why it is so important?
byONE BCG
 
PPTX
Vapt( vulnerabilty and penetration testing ) services
byAkshay Kurhade
 
Vulnerability assessment and penetration testing
byAbu Sadat Mohammed Yasin
 
Classification of vulnerabilities
byMayur Mehta
 
Security in Computing and IT
byKomalah Nair
 
Introduction To Vulnerability Assessment & Penetration Testing
byRaghav Bisht
 
website vulnerability scanner and reporter research paper
byBhagyashri Chalakh
 
The Security Vulnerability Assessment Process & Best Practices
byKellep Charles
 
What is security testing and why it is so important?
byONE BCG
 
Vapt( vulnerabilty and penetration testing ) services
byAkshay Kurhade
 

What's hot

PDF
Pen testing and how does it help strengthen cybersecurity
byTestingXperts
 
PPTX
VAPT, Ethical Hacking and Laws in India by prashant mali
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
PPTX
Vulnerability and Assessment Penetration Testing
byYvonne Marambanyika
 
PDF
Web App Sec Benchmarks
byAung Khant
 
PDF
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
byTekRevol LLC
 
PPTX
Malware Detection Using Data Mining Techniques
byAkash Karwande
 
PDF
Routine Detection Of Web Application Defence Flaws
byIJTET Journal
 
PPTX
Intro to Network Vapt
byApurv Singh Gautam
 
PPTX
Assessment and Threats: Protecting Your Company from Cyber Attacks
byCimation
 
PPTX
Sdl deployment in ics
byMayur Mehta
 
PPTX
OTG - Practical Hands on VAPT
byshiriskumar
 
PPTX
Ethical Hacking n VAPT presentation by Suvrat jain
bySuvrat Jain
 
PPTX
What is penetration testing and why is it important for a business to invest ...
byAlisha Henderson
 
PPTX
Introduction to security testing raj
byRajakrishnan S, MCA,MBA,MA Phil,PMP,CSM,ISTQB-Test Mgr,ITIL
 
PDF
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
byEdureka!
 
PPTX
LTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber Security
byrver21
 
PPTX
Threat modelling
byRajeev Venkata
 
PDF
Application security testing an integrated approach
byIdexcel Technologies
 
PPTX
Protecting Windows Networks From Malware
byRishu Mehra
 
Pen testing and how does it help strengthen cybersecurity
byTestingXperts
 
VAPT, Ethical Hacking and Laws in India by prashant mali
byAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Vulnerability and Assessment Penetration Testing
byYvonne Marambanyika
 
Web App Sec Benchmarks
byAung Khant
 
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
byTekRevol LLC
 
Malware Detection Using Data Mining Techniques
byAkash Karwande
 
Routine Detection Of Web Application Defence Flaws
byIJTET Journal
 
Intro to Network Vapt
byApurv Singh Gautam
 
Assessment and Threats: Protecting Your Company from Cyber Attacks
byCimation
 
Sdl deployment in ics
byMayur Mehta
 
OTG - Practical Hands on VAPT
byshiriskumar
 
Ethical Hacking n VAPT presentation by Suvrat jain
bySuvrat Jain
 
What is penetration testing and why is it important for a business to invest ...
byAlisha Henderson
 
Introduction to security testing raj
byRajakrishnan S, MCA,MBA,MA Phil,PMP,CSM,ISTQB-Test Mgr,ITIL
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
byEdureka!
 
LTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber Security
byrver21
 
Threat modelling
byRajeev Venkata
 
Application security testing an integrated approach
byIdexcel Technologies
 
Protecting Windows Networks From Malware
byRishu Mehra
 

Viewers also liked

PPT
Identifying Cross Site Scripting Vulnerabilities in Web Applications
byPorfirio Tramontana
 
PDF
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникации
byAndrew Petukhov
 
PPTX
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
byNurul Haszeli Ahmad
 
PPTX
Analysis of Field Data on Web Security Vulnerabilities
byKaashivInfoTech Company
 
PDF
A Study on Dynamic Detection of Web Application Vulnerabilities
byYuji Kosuga
 
PDF
2012 04 Analysis Techniques for Mobile OS Security
byRaleigh ISSA
 
PPT
Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...
byAndrew Petukhov
 
PPTX
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSE
byAjith Kp
 
KEY
No locked doors, no windows barred: hacking OpenAM infrastructure
byAndrew Petukhov
 
PDF
CODE BLUE 2016 - Method of Detecting Vulnerability in Web Apps
byIsao Takaesu
 
PPTX
Attributes based encryption with verifiable outsourced decryption
byKaashivInfoTech Company
 
PPT
data mining for security application
bybharatsvnit
 
PPT
Technology buffet for new teachers march 2012
byKaren Brooks
 
Identifying Cross Site Scripting Vulnerabilities in Web Applications
byPorfirio Tramontana
 
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникации
byAndrew Petukhov
 
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
byNurul Haszeli Ahmad
 
Analysis of Field Data on Web Security Vulnerabilities
byKaashivInfoTech Company
 
A Study on Dynamic Detection of Web Application Vulnerabilities
byYuji Kosuga
 
2012 04 Analysis Techniques for Mobile OS Security
byRaleigh ISSA
 
Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...
byAndrew Petukhov
 
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSE
byAjith Kp
 
No locked doors, no windows barred: hacking OpenAM infrastructure
byAndrew Petukhov
 
CODE BLUE 2016 - Method of Detecting Vulnerability in Web Apps
byIsao Takaesu
 
Attributes based encryption with verifiable outsourced decryption
byKaashivInfoTech Company
 
data mining for security application
bybharatsvnit
 
Technology buffet for new teachers march 2012
byKaren Brooks
 

Similar to Analysis of field data on web security vulnerabilities

PDF
Standardizing Source Code Security Audits
byijseajournal
 
PPTX
VULNERABILITIES AND EXPLOITATION IN COMPUTER SYSTEM – PAST, PRESENT, AND FUTURE
byNurul Haszeli Ahmad
 
PDF
Bridging the gap - Security and Software Testing
byRoberto Suggi Liverani
 
PDF
A%20study%20of%20web%20application%20vulnerabilities%20and%20vulnerability%20...
byChinnappa Doss
 
PDF
E.M._Poot
byEdward Poot
 
PPTX
Software Security and IDS.pptx
byMuhib Ahmad Sherwani
 
KEY
EISA Considerations for Web Application Security
byLarry Ball
 
PPT
SoftwareSecurity.ppt
byssuserfb92ae
 
PPTX
chap-1 : Vulnerabilities in Information Systems
byKashfUlHuda1
 
PPTX
Static Code Analysis
byGeneva, Switzerland
 
PPTX
José Vila - ¿Otro parche más? No, por favor. [rooted2018]
byRootedCON
 
PPT
Software security (vulnerabilities) and physical security
byNicholas Davis
 
PPT
Software Security (Vulnerabilities) And Physical Security
byNicholas Davis
 
DOCX
Web Vulnerability Scanner project Report
byVikas Kumar
 
PDF
Web Application Protection
byISCTE-IUL ACM Student Chapter
 
PDF
Cyber Security for Critical Infrastructure
byMohit Rampal
 
PDF
Vulnerability Management System
byIRJET Journal
 
PPT
香港六合彩
bybaoyin
 
PDF
A26001006
byIJERA Editor
 
PDF
Software Security - Vulnerability&Attack
byEmanuela Boroș
 
Standardizing Source Code Security Audits
byijseajournal
 
VULNERABILITIES AND EXPLOITATION IN COMPUTER SYSTEM – PAST, PRESENT, AND FUTURE
byNurul Haszeli Ahmad
 
Bridging the gap - Security and Software Testing
byRoberto Suggi Liverani
 
A%20study%20of%20web%20application%20vulnerabilities%20and%20vulnerability%20...
byChinnappa Doss
 
E.M._Poot
byEdward Poot
 
Software Security and IDS.pptx
byMuhib Ahmad Sherwani
 
EISA Considerations for Web Application Security
byLarry Ball
 
SoftwareSecurity.ppt
byssuserfb92ae
 
chap-1 : Vulnerabilities in Information Systems
byKashfUlHuda1
 
Static Code Analysis
byGeneva, Switzerland
 
José Vila - ¿Otro parche más? No, por favor. [rooted2018]
byRootedCON
 
Software security (vulnerabilities) and physical security
byNicholas Davis
 
Software Security (Vulnerabilities) And Physical Security
byNicholas Davis
 
Web Vulnerability Scanner project Report
byVikas Kumar
 
Web Application Protection
byISCTE-IUL ACM Student Chapter
 
Cyber Security for Critical Infrastructure
byMohit Rampal
 
Vulnerability Management System
byIRJET Journal
 
香港六合彩
bybaoyin
 
A26001006
byIJERA Editor
 
Software Security - Vulnerability&Attack
byEmanuela Boroș
 

More from Papitha Velumani

PDF
2015 - 2016 IEEE Project Titles and abstracts in Java
byPapitha Velumani
 
PDF
2015 - 2016 IEEE Project Titles and abstracts in Android
byPapitha Velumani
 
PDF
2015 - 2016 IEEE Project Titles and abstracts in Dotnet
byPapitha Velumani
 
DOC
Trajectory improves data delivery in urban vehicular networks
byPapitha Velumani
 
DOC
Tracon interference aware scheduling for data-intensive applications in virtu...
byPapitha Velumani
 
DOC
Supporting privacy protection in personalized web search
byPapitha Velumani
 
DOC
Stochastic bandwidth estimation in networks with random service
byPapitha Velumani
 
DOC
Sos a distributed mobile q&a system based on social networks
byPapitha Velumani
 
DOC
Security evaluation of pattern classifiers under attack
byPapitha Velumani
 
DOC
Real time misbehavior detection in ieee 802.11-based wireless networks an ana...
byPapitha Velumani
 
DOC
Probabilistic consolidation of virtual machines in self organizing cloud data...
byPapitha Velumani
 
DOC
Privacy preserving multi-keyword ranked search over encrypted cloud data
byPapitha Velumani
 
DOC
Privacy preserving and content-protecting location based queries
byPapitha Velumani
 
DOC
Pack prediction based cloud bandwidth and cost reduction system
byPapitha Velumani
 
DOC
Occt a one class clustering tree for implementing one-to-man data linkage
byPapitha Velumani
 
DOC
Leveraging social networks for p2p content based file sharing in disconnected...
byPapitha Velumani
 
DOC
LDBP: localized boundary detection and parametrization for 3 d sensor networks
byPapitha Velumani
 
DOC
Integrity for join queries in the cloud
byPapitha Velumani
 
DOC
Improving fairness, efficiency, and stability in http based adaptive video st...
byPapitha Velumani
 
DOC
Hybrid attribute and re-encryption-based key management for secure and scala...
byPapitha Velumani
 
2015 - 2016 IEEE Project Titles and abstracts in Java
byPapitha Velumani
 
2015 - 2016 IEEE Project Titles and abstracts in Android
byPapitha Velumani
 
2015 - 2016 IEEE Project Titles and abstracts in Dotnet
byPapitha Velumani
 
Trajectory improves data delivery in urban vehicular networks
byPapitha Velumani
 
Tracon interference aware scheduling for data-intensive applications in virtu...
byPapitha Velumani
 
Supporting privacy protection in personalized web search
byPapitha Velumani
 
Stochastic bandwidth estimation in networks with random service
byPapitha Velumani
 
Sos a distributed mobile q&a system based on social networks
byPapitha Velumani
 
Security evaluation of pattern classifiers under attack
byPapitha Velumani
 
Real time misbehavior detection in ieee 802.11-based wireless networks an ana...
byPapitha Velumani
 
Probabilistic consolidation of virtual machines in self organizing cloud data...
byPapitha Velumani
 
Privacy preserving multi-keyword ranked search over encrypted cloud data
byPapitha Velumani
 
Privacy preserving and content-protecting location based queries
byPapitha Velumani
 
Pack prediction based cloud bandwidth and cost reduction system
byPapitha Velumani
 
Occt a one class clustering tree for implementing one-to-man data linkage
byPapitha Velumani
 
Leveraging social networks for p2p content based file sharing in disconnected...
byPapitha Velumani
 
LDBP: localized boundary detection and parametrization for 3 d sensor networks
byPapitha Velumani
 
Integrity for join queries in the cloud
byPapitha Velumani
 
Improving fairness, efficiency, and stability in http based adaptive video st...
byPapitha Velumani
 
Hybrid attribute and re-encryption-based key management for secure and scala...
byPapitha Velumani
 

Recently uploaded

PPTX
Gastro retentive drug delivery system pradip
byDrxpradipPatil
 
PDF
2025 Caribbean Examinations Council CCSLC Merit List
byCaribbean Examinations Council
 
PDF
Hunwick's Roman Roads and Ridge Roads, a Discussion Document
byJohn Pallister
 
PDF
2025 Caribbean Examinations Council CSEC Merit List
byCaribbean Examinations Council
 
PPTX
THERAPEUTIC COMMUNICATION for 2nd year GNM, 2ND YEAR P.B.B.SC NSG, 5TH SEM B....
byparmarjuli1412
 
PDF
Karunadu Sambhrama 2025 - A Karnataka Quiz by Bengaluru Quiz Qatte
byhemanvm22
 
PDF
BP605 T PHARMACEUTICAL BIOTECHNOLOGY UNIT 4 PART 1
byRushiMandali
 
PPTX
How to Get Ahead in Marketing: Insights for University Students
byCareLineLive
 
PDF
2025-11-02 - AQSE - Qiskit Fall Fest - IIT-Guwahati.pdf
byAritra Sarkar
 
PDF
Unit - I Communication Skills. B.pharmacy and D. Pharmacy
bySayyadTarannum
 
PPTX
What are Forecast Reports in Odoo 18 CRM
byCeline George
 
PDF
🧬 ICAR SRF & ASRB NET Exam – Genetics and Plant Breeding Syllabus | Complete ...
bySatyam Sharma
 
PPTX
Tablets & Liquid orals Industrial pharmacy-I UNIT-2, B. Pharam V Semester PPT
byARUN KUMAR
 
PDF
Energy Topics For All Student by LDM MIA
byLDMMIA, Reiki Yoga
 
PDF
2025 Caribbean Examinations Council CAPE Merit List
byCaribbean Examinations Council
 
PDF
Rise of Magadh under Haryanka, Shishunaga and Nanda dynasties
byPrachiSontakke5
 
PDF
Major Evolutionary Patterns in Crop Plants: Implications for Breeding and Div...
bySatyam Sharma
 
PDF
BP704T: NOVEL DRUG DELIVERY SYSTEMS UNIT 4 PART 1
byRushiMandali
 
PPTX
NURSING PROCESS.....................pptx
byAneetaSharma15
 
PDF
ARS Nematology Syllabus | Complete Unit-wise Topics, Booklist & Preparation S...
bySatyam Sharma
 
Gastro retentive drug delivery system pradip
byDrxpradipPatil
 
2025 Caribbean Examinations Council CCSLC Merit List
byCaribbean Examinations Council
 
Hunwick's Roman Roads and Ridge Roads, a Discussion Document
byJohn Pallister
 
2025 Caribbean Examinations Council CSEC Merit List
byCaribbean Examinations Council
 
THERAPEUTIC COMMUNICATION for 2nd year GNM, 2ND YEAR P.B.B.SC NSG, 5TH SEM B....
byparmarjuli1412
 
Karunadu Sambhrama 2025 - A Karnataka Quiz by Bengaluru Quiz Qatte
byhemanvm22
 
BP605 T PHARMACEUTICAL BIOTECHNOLOGY UNIT 4 PART 1
byRushiMandali
 
How to Get Ahead in Marketing: Insights for University Students
byCareLineLive
 
2025-11-02 - AQSE - Qiskit Fall Fest - IIT-Guwahati.pdf
byAritra Sarkar
 
Unit - I Communication Skills. B.pharmacy and D. Pharmacy
bySayyadTarannum
 
What are Forecast Reports in Odoo 18 CRM
byCeline George
 
🧬 ICAR SRF & ASRB NET Exam – Genetics and Plant Breeding Syllabus | Complete ...
bySatyam Sharma
 
Tablets & Liquid orals Industrial pharmacy-I UNIT-2, B. Pharam V Semester PPT
byARUN KUMAR
 
Energy Topics For All Student by LDM MIA
byLDMMIA, Reiki Yoga
 
2025 Caribbean Examinations Council CAPE Merit List
byCaribbean Examinations Council
 
Rise of Magadh under Haryanka, Shishunaga and Nanda dynasties
byPrachiSontakke5
 
Major Evolutionary Patterns in Crop Plants: Implications for Breeding and Div...
bySatyam Sharma
 
BP704T: NOVEL DRUG DELIVERY SYSTEMS UNIT 4 PART 1
byRushiMandali
 
NURSING PROCESS.....................pptx
byAneetaSharma15
 
ARS Nematology Syllabus | Complete Unit-wise Topics, Booklist & Preparation S...
bySatyam Sharma
 

Analysis of field data on web security vulnerabilities

  • 1.
    ANALYSIS OF FIELDDATA ON WEB SECURITY VULNERABILITIES ABSTRACT: Most web applications have critical bugs (faults) affecting their security, which makes them vulnerable to attacks by hackers and organized crime. To prevent these security problems from occurring it is of utmost importance to understand the typical software faults. This paper contributes to this body of knowledge by presenting a field study on two of the most widely spread and critical web application vulnerabilities: SQL Injection and XSS. It analyzes the source code of security patches of widely used web applications written in weak and strong typed languages. Results show that only a small subset of software fault types, affecting a restricted collection of statements, is related to security. To understand how these vulnerabilities are really exploited by hackers, this paper also presents an analysis of the source code of the scripts used to attack them. The outcomes of this study can be used to train
  • 2.
    software developers andcode inspectors in the detection of such faults and are also the foundation for the research of realistic vulnerability and attack injectors that can be used to assess security mechanisms, such as intrusion detection systems, vulnerability scanners, and static code analyzers. EXISTING SYSTEM: The security of web applications becomes a major concern and it is receiving more and more attention from governments, corporations, and the research community. Attackers also followed the move to the web and as such more than half of current computer security threats and vulnerabilities affect web applications. Not surprisingly, the number of reported attacks that exploit web application vulnerabilities is increasing. In fact, numerous data breach attacks are frequently reported due to web application security problems. Given the preponderant role of web applications in many organizations, one can realize the importance of finding ways to reduce the number of vulnerabilities. This can be helped with a deeper knowledge on
  • 3.
    software faults behindsuch vulnerabilities; however, this is a vast field and there is still a lot of work to be done. DISADVANTAGES OF EXISTING SYSTEM:  It is vulnerable to attacks. Attackers also followed the move to the web and as such more than half of current computer security threats and vulnerabilities affect web applications. PROPOSED SYSTEM: This paper contributes to fill this gap by presenting a study on characteristics of source code defects generating major web application vulnerabilities. The main research goal is to understand the typical software faults that are behind the majority of web application vulnerabilities, taking into account different programming languages. To understand the relevance these kinds of vulnerabilities for the attackers, the paper also analyzes the code used to exploit them. The proposed methodology allows gathering the information on common
  • 4.
    mistakes that developersshould avoid. This knowledge is helpful for training, and it is crucial for the specification of guidelines for security code reviewers, for the evaluation of penetration testing tools, as well as for the creation of safer internal policies for programming practices, among others. It can also be used to build a realistic attack injector. In our study, we observed that not every vulnerability is equally important for an attacker, and when not all vulnerabilities can be fixed in due time, these data may be used to select those that should be addressed first. ADVANTAGES OF PROPOSED SYSTEM: Its underlying idea is that knowing the root cause of software defects helps removing their source. Each patch was inspected in depth to gather the precise characteristics of the code that was responsible for the security problem and classified them according to an adaptation of the orthogonal defect classification.
  • 5.
    SYSTEM CONFIGURATION:- HARDWAREREQUIREMENTS:- Processor - Pentium –IV Speed - 1.1 Ghz RAM - 512 MB(min) Hard Disk - 40 GB Key Board - Standard Windows Keyboard Mouse - Two or Three Button Mouse Monitor - LCD/LED SOFTWARE REQUIREMENTS: Operating system : Windows XP. Coding Language : JAVA Data Base : MySQL Tool : Netbeans.
  • 6.
    REFERENCE: Jose´ Fonseca,Nuno Seixas, Marco Vieira, and Henrique Madeira, “Analysis of Field Data on Web Security Vulnerabilities” IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 11, NO. 2, MARCH/APRIL 2014.
  • 7.
    REFERENCE: Jose´ Fonseca,Nuno Seixas, Marco Vieira, and Henrique Madeira, “Analysis of Field Data on Web Security Vulnerabilities” IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 11, NO. 2, MARCH/APRIL 2014.