Abstract: |
Web applications have become increasingly vulnerable and exposed to malicious attacks that could affect essential properties of information systems such as confidentiality, integrity, or availability. To cope with these threats, it is necessary to develop efficient security protection mechanisms and assessment techniques (firewall, intrusion detection system, Web scanner, etc.). The purpose of this work is to investigate analyzing and securing web applications against vulnerabilities, and to implement a black-box tool based on a web crawler that can provide this analysis. There has been extensive press coverage of recent security incidents involving the loss of sensitive bank credit card information belonging to a huge number of customers. Most vulnerabilities in web applications come from generic input validation problems. Some examples of those vulnerabilities are XSS (Cross-Site Scripting) and SQL injection. Though most web vulnerabilities are easy to understand and to avoid, unfortunately many web developers are not security-aware. As a consequence, there are many vulnerable web sites on the Internet. The present work investigates available vulnerability scanning tools and their capabilities, and also demonstrates BBWAV (Black Box for Web Application Vulnerabilities), an open-source web vulnerability scanner that automatically analyzes web sites with the objective of detecting exploitable vulnerabilities such as SQL injection, XSS (Cross-Site Scripting) and RFI (Remote File Inclusion).
|