Back to Search Start Over

Systematic Review of Web Application Security Vulnerabilities Detection Methods

Authors :
Sajjad Rafique
Mamoona Humayun
Ansar Abbas
Zartasha Gul
Hasan Javed
Source :
Journal of Computer and Communications. :28-40
Publication Year :
2015
Publisher :
Scientific Research Publishing, Inc., 2015.

Abstract

In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security vulnerabilities used to secure the web application layer, the security approaches or techniques used in the process, the stages in the software development in which the approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 519 publications from respectable scientific sources, i.e. the IEEE Computer Society, ACM Digital Library, Science Direct, Springer Link. After detailed review process, only 56 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no one software is referred to as a standard or preferred software product for web application development. In our SLR, we have performed a deep analysis on web application security vulnerabilities detection methods which help us to identify the scope of SLR for comprehensively investigation in the future research. Further in this SLR considering OWASP Top 10 web application vulnerabilities discovered in 2012, we will attempt to categories the accessible vulnerabilities. OWASP is major source to construct and validate web security processes and standards.

Details

ISSN :
23275227 and 23275219
Database :
OpenAIRE
Journal :
Journal of Computer and Communications
Accession number :
edsair.doi...........c9bf8f72f0c4e400c09ade93b2ad3f0c