Vulnerability Scanner: Web-based Security Testing
As the use of internet-based software has increased, cybersecurity has emerged as a major issue in the current world. Fast-paced technological innovation has allowed most companies to scale their business and consumers to access their favorite products more easily, thus increasing the reliance on web-based software. The importance of web security cannot be overstated given the increase in cybercrime and the damage it causes to businesses, people, and governments. This paper proposes an automated solution capable of detecting and exploiting common vulnerabilities found in web-based software, without performing any maliciously intended operations. By using software capable of automatically detecting the means by which a client can communicate with a server, users can ensure that a thorough verification is performed on their web applications, revealing the blind spots that developers may have overlooked.