2014, International Journal of Innovative Research in Computer and Communication Engineering
Internet is perhaps the most popular medium of sharing information today and its popularity is growing day by day. People refer to it for almost all sorts of reasons, and with growing usage the concept of security risks arises. Security risks arise mainly because the internet is a two-way medium. Personal information is shared over the internet through web-based applications which we use for many useful purposes like applying for passports, online ticket booking, online testing sites, social networking sites, etc. To ensure that the web-based applications offer full productivity and good security of the users’ information it is important that the development procedure of these applications be redefined keeping things like feasibility, security aspects, and problems that are likely to be faced during future maintenance in mind. We are proposing a novel and scientific technique for designing ideal web-based applications. This technique includes various testing methods like white-box t...
International Journal of Computer Applications, 2014
Due to the increasing complexity of web systems, security testing has become an indispensable and critical activity of the web application development life cycle. Security testing aims to maintain the confidentiality of the data, to check against any information leakage and to maintain the functionality as intended. It checks whether the security requirements are fulfilled by the web applications when they are subjected to malicious input data. Due to the rising explosion in security vulnerabilities, there is a need to understand its unique challenges and issues, which will eventually serve as a useful input for security testing tool developers and test managers for their respective projects.
Journal of Informatics Electrical and Electronics Engineering (JIEEE), A2Z Journals, 2020
In the present scenario, the usage of the internet is enormous and is escalating day by day. Internet facilities are employed in almost every field of work and people are becoming dependent on it; with the increasing dependency on the internet, concern regarding information security has increased, because most work, e-commerce, chatting, payment of bills, etc. is done over the internet. That is why security is most important for any web site. Basically, such security concern is high in the field of organizations, institutions, and the financial sector. This paper aims to address the topmost vulnerability concerns and how to overcome them. This paper addresses most of the popular vulnerabilities, which are amongst the top 10 according to OWASP, and addresses the precautions to be taken to deal with these vulnerabilities. This paper provides a better understanding in a simple and easy way. When the entire world is behind new technologies and everything is moving towards the internet, the need for security increases. One has to be sure about the security of their website as well as the security and privacy of the end users. So, when the world is demanding new technologies there will be an increase in demand for security testing. Every application or website is considered good only when it is secure and it can only be done by a web tester. This paper explores the vulnerabilities in a precise manner.
Nowadays social networking/service sites are our daily habit and necessity. About 80% of transactions are done through online web services, but this is not safe or reliable, because people may be unaware of fraud and crime happening online or may have less command of the English language. So, threats are increasing day by day. SOA (service oriented architecture) provides the basis for online servicing, social interactions and communications without human interaction, but it raises privacy and security concerns in web services. Generally, web services are managed by more than one stakeholder. In this review we discuss the security testing methods as well as model issues of web services. Development based on SOA is still required for providing unique security or proper testing.
Zenodo (CERN European Organization for Nuclear Research), 2022
This research basically centers on the point of website/web application security. The prime agenda of this research is to verify how well government websites are protected, that is, how they are handling the user's data as a part of providing such facility over the data inputted by the user. Vulnerability of websites is a very important aspect on which we are not focusing yet. Might have a security escape clause in it. The world is exceedingly reliant on the Internet. Nowadays, web application security is one of the biggest challenges in this world. It is considered as the principal framework for the worldwide data society. Web applications are prone to security attacks. Web security is securing a web application layer from attacks by unauthorized users. A lot of the issues that occur over a web application are mainly due to the improper input provided by the client. This paper discusses the different aspects of web security and its weakness. The main elements of web application security techniques such as the password, encryption-decryption, authentication and integrity are also discussed in this paper. The anatomy of a web application attack and the attack
IJEMR, 2013
Web application testing is a collection of related activities with the aim and objective of uncovering the errors in Web application content, function, usability, navigability, performance, capacity and security. Web testing is a promising technique to ensure the high quality of web applications. The data flow information of the web application was captured using flow graphs. The internal structure, design and implementation of the web application can be tested using white box testing, in which the tester chooses inputs to exercise paths through the code and determines the appropriate outputs. In this flow graph, web pages can be considered as nodes of a graph and links as input conditions provided at each node. With the help of basic path testing and graph matrices, the independent paths are generated for the flow graph and then finally test cases are derived and tested through the mutation testing method.
International journal of safety and security engineering, 2024
The increasing use of the internet has led to a growing number of security threats. Computers, smartphones, smartwatches, and other mobile devices associated with the internet face different threats and exploits. In those cases, different services are provided through web applications only. Those applications are vulnerable to hacking. There are over 1.9 billion websites today, and everything is connected to the network. According to the new national vulnerability database update, 10,683 weaknesses were found in web applications in the first quarter of 2023. The websites have the most significant details of the clients, like personal details, financial details, and so on. Checking all the web application weaknesses is not a silver bullet. So, vulnerability scanners play a significant role in web application security. Vulnerability analysis and penetration testing are two distinct vulnerability types of testing. These tests can help identify all the vulnerabilities in a web application, even those not detected by vulnerability scanners. While certain users access this vulnerability analysis data with just honest goals, like creating some security measures to avoid those vulnerabilities, some utilize it to recognize ways of destroying significant information and records of websites. As it is notable, the term penetration testing is also ethical hacking. The current paper aims to investigate penetration testing on web applications. The paper discusses the different types of penetration testing, the tools and techniques used, and the benefits of penetration testing. It also suggests the challenges of penetration testing and the steps that can be taken to mitigate these challenges.
2017
Internet users and its usage have grown almost exponentially during the last decade. Most web applications contain both private (sensitive) and public information in their corresponding database, which brings the security of private information to the forefront of the challenges of this domain. Cyber criminals can attempt to steal or tamper with private information from these insecure or vulnerable web applications by exploiting. In this paper, we have analyzed different approaches to web application security used in current practice since their development, such as secure coding, Web Application Firewall, vulnerability assessment and penetration testing. In addition, we have also discussed various approaches and repositories which support vulnerability assessment and penetration testing processes.
Computer Networks, 2005
The rapid development phases and extremely short turnaround time of Web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to Web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES), a black-box testing framework for automated Web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing Web application security.
International IEEE Conference on Signal-Image Technologies and Internet-Based System, 2008
Ensuring that a Web-based system respects its security requirements is a critical issue that has become more and more difficult to perform in recent years. This difficulty is due to the complexity level of such systems as well as their variety and increasing distribution. To guarantee such a respect, we need to test the target Web system by applying a complete set of test cases covering all the possible scenarios. To reach this aim, we first specify the Web system behavior from its functional point of view using the IF language. Second, this model is augmented by applying a set of dedicated algorithms to integrate timed security properties specified in the Nomad language. This language is well adapted to express security properties with time constraints. Then, we use a dedicated tool called TestGen-IF to perform an automatic generation of test cases targeting security purposes. These test sequences are transformed into executable test cases that can be applied on a real Web application. We present in this paper an industrial Web-based system provided by France Telecom as a case study to demonstrate the reliability of our framework.
International Journal of Scientific & Technology Research, 2018
"May you survive in fascinating times" can be an English phrase claiming to be considered an interpretation of the traditional Chinese curse. Cyber security risks are becoming top concerns as we find frequent data breach occurrences on a regular basis nowadays from organizations like Equifax, Anthem, JP Morgan Chase and other large corporations. As per IBM, this year's global average cost of a data breach is $3.62 million. Findings from NIST (National Institute of Standards and Technology) show that 92% of security vulnerabilities exist at the application layer, not in the network layer. In this research paper, the following subject areas are discussed: introduction to cyber security, web application security challenges, top web application vulnerabilities, and a conclusion with approaches and mindset to comprehend for developers and security testers.