SOLUTION PROPOSAL FOR DETECTION AND CLASSIFICATION OF WEB APPLICATION SECURITY VULNERABILITIES

  • Ognjen Joldžić, Elektrotehnički fakultet Banjaluka
  • Zoran Đurić, Elektrotehnički fakultet Banjaluka
Keywords: security aspects in web applications, web application architecture types, techniques for web application testing, WASTT

Abstract

This paper presents an extensive analysis of security aspects in modern web applications and information systems. It also gives an overview of web application architecture types and of the parts of their functionality that relate specifically to information security. Some of the most common attacks against web applications are shown, along with a solution for each of the described attacks. The paper also explains the techniques for web application testing and vulnerability detection and their classification according to features and execution procedures, with a special overview of the available solutions in this field. The second part of the paper contains a detailed review of WASTT, a new solution for the detection and classification of security vulnerabilities in web applications, developed by the authors of this paper. The review contains a comprehensive description of the modular structure, usage procedures and features of the developed system.
Published: 2019-01-15
Section: Articles