
Abstract

In today's era of the Internet, technology and web applications have become more popular and more complex at the same time. These applications provide many benefits, but they also bring risk to the organization, its brand and its data. The basis of this paper is an analysis of web attacks in recent years that have compromised web applications, their data or their users. The paper includes web attack analysis from the Website Hacking Incident Database (WHID) and from other information security and news websites. The top web attacks have been identified, and the top categories of web applications are also analyzed. With technological evolution comes the progress of cybercrime, which develops new attack types, tools and techniques that allow attackers to penetrate more complex or well-controlled environments, produce increased damage and even remain untraceable.


Introduction

Over the past few years it has been a trend in information security that web applications are under attack. Every day there are new reports of cyberattacks on leading websites. Because of the many vulnerabilities existing in web applications, they have become a very soft target for attackers, so the best method to stop these activities is secure web development and writing secure code. However, that is not easy. Moreover, in this modern age 100% security is not possible, but we can protect our websites as much as we can. It also takes a lot of time and requires highly talented people, which is not possible for a small organization. In other words, security is required for each web application, but the level of security may vary from organization to organization. To provide security, we first need to know what should be secured and why. The objective of the paper is to find the trend of attacks on web applications and the targets of attackers, to learn which weaknesses are common in web applications, and to use that to try to find the best solution. This paper analyses the top web attacks on different web categories.

Research methodology

To analyze web attacks, we collected data mainly from the Web Hacking Incident Database (WHID) and also from other hacking websites such as hacknews.com and abcnews.go.com. WHID is a consortium project that maintains a list of security incidents; its goal is to raise awareness of web attacks and to offer new ways to secure websites. It also provides statistical analysis of web attacks.

Discussion

In this paper our focus will be on these four questions:

1. What are the major attacks occurring on the web in recent years?

2. What type of websites attracts the most attackers?

3. What types of attacks are common on the major categories of web applications, such as finance, education and government?

4. Do all web categories observe the same types of attacks and need the same security level?

Literature review

Nowadays a social network is the mapping and measuring of relationships and flows between individuals, groups, organizations, computers, websites, and other information/knowledge processing entities. Cyber-attacks are becoming more common against companies of all sizes as well as single individuals, yet little is universally known about cyber-crime.

One of WhiteHat's website security statistics reports states that 86% of the websites they tested have at least 1 serious vulnerability, so the average becomes 16.7

So if we need secure web development, we should follow the steps of the software development life cycle. It includes many phases, such as testing, analysis, designing, coding and implementing, and when a website passes through all of these phases it becomes very secure. But implementing security this way takes much more time and is also very costly, so not all clients can afford it. Some organizations may develop their websites this way, and those sites will be very secure, with a very low chance of attack. As already stated, 100% security is not possible in this Internet world; security is required for each web application, but the level of security may vary from organization to organization and with the type of web application.

Web attacks analysis

We collected data from 2012 to 2015 on web attacks, counting how many times each attack occurred in each year.

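| Attacks | 2012 | 2013 | 2014 | 2015 |
|---|---|---|---|---|
| SQLI | 352 | 185 | 112 | 71 |
| DDOS | 151 | 178 | 85 | 30 |
| XSS | 68 | 34 | 60 | 02 |
| A/C Hijacking | 30 | 106 | 88 | 34 |
| Defacement | 74 | 120 | 135 | 57 |
| Unauthorized access | 10 | 14 | 112 | 1 |
| Directory traversal | 0 | 13 | 2 | 1 |
| Phishing | 9 | 02 | 74 | 0 |
| POS/Malware | 11 | 29 | 4 | 31 |
| BRUTEFORCE | 0 | 4 | 5 | 0 |
| Code injection | 0 | 1 | 15 | 0 |
| DNS Hijacking | 6 | 29 | 2 | 5 |
| Server vulnerabilities | 1 | 0 | 129 | 0 |
| Others | 97 | 132 | 183 | 35 |
| Unknown | 265 | 208 | 188 | 68 |
| Total | 1074 | 1045 | 853 | 335 |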
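The following Python sketch is an added example, not part of the original paper: it takes the counts from the attack table above, checks the Total row against the column sums, and then ranks the named attack types per year, which is the first of the paper's four questions. The function names and the choice to skip the "Others" and "Unknown" rows when ranking are assumptions of this example.

```python
YEARS = (2012, 2013, 2014, 2015)  # added example; counts below are the page's table
TABLE = """\
SQLI,352,185,112,71
DDOS,151,178,85,30
XSS,68,34,60,2
A/C Hijacking,30,106,88,34
Defacement,74,120,135,57
Unauthorized access,10,14,112,1
Directory traversal,0,13,2,1
Phishing,9,2,74,0
POS/Malware,11,29,4,31
BRUTEFORCE,0,4,5,0
Code injection,0,1,15,0
DNS Hijacking,6,29,2,5
Server vulnerabilities,1,0,129,0
Others,97,132,183,35
Unknown,265,208,188,68
"""
STATED_TOTALS = (1074, 1045, 853, 335)  # the table's own "Total" row

def load(text=TABLE):
    """Parse 'name,2012,...,2015' lines into {name: (counts per year)}."""
    split = (line.split(",") for line in text.strip().splitlines())
    return {name: tuple(map(int, counts)) for name, *counts in split}

def column_sums(rows):
    return tuple(sum(col) for col in zip(*rows.values()))

def total_mismatches(rows):
    """Years whose column sum differs from the stated total: {year: (sum, stated)}."""
    return {y: (s, t) for y, s, t in zip(YEARS, column_sums(rows), STATED_TOTALS) if s != t}

def top_attacks(rows, year, n=3, skip=("Others", "Unknown")):
    """Top-n named attack types for a year as (name, count, share of column sum)."""
    i = YEARS.index(year)
    named = sorted(((k, v[i]) for k, v in rows.items() if k not in skip),
                   key=lambda kv: kv[1], reverse=True)
    return [(k, c, round(c / column_sums(rows)[i], 3)) for k, c in named[:n]]

def share_shift(rows, name, start=2012, end=2015):
    """Change in one attack type's share of yearly incidents, in percentage points."""
    a, b, sums = YEARS.index(start), YEARS.index(end), column_sums(rows)
    return round(100 * (rows[name][b] / sums[b] - rows[name][a] / sums[a]), 1)

if __name__ == "__main__":
    rows = load()
    print("totals that differ from the column sums:", total_mismatches(rows))
    for year in YEARS:
        print(year, top_attacks(rows, year))
    print("SQLI share change 2012 -> 2015 (pp):", share_shift(rows, "SQLI"))
```

For the figures above, the check flags the 2013 and 2014 totals, which is why shares are computed against the column sums and not the stated Total row.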

 

SQLI

It is basically a code injection technique that attacks the database of the website. It happens because of vulnerabilities that exist in the database.

DDOS

It loads the system: basically, it exceeds the limit on the total number of visitors the website can logically handle at one time, and through this the attackers attack the server.

XSS

It is cross-site scripting. In this attack, malicious code is injected into trusted websites, so that when the user opens the site, it will attack the server.

Account hijacking

In this attack, the user's account is hacked by the attacker for some unauthorized activities. It is carried out by phishing: fake emails are sent to users, and when users click them their accounts are hacked.

Defacement

It changes the visual appearance of a website, including the full interface. The attackers break into the server and replace the original website with a fake one, which hacks the system.

Unauthorized access

When someone gains access to others' websites, programs or accounts by the wrong method.

Directory traversal

It allows attackers to gain access to restricted files, and through this they find a valid email address by brute force.

Phishing

It allows attackers to steal all the personal data of the user, such as usernames, passwords and credit card details, by sending malicious code to the user.

Malware

It is malicious software used by cybercriminals to attack the point of sale (POS). It is basically fake antivirus software: when the user installs it, it steals all the information on the computer and also attacks the server.

DNS Hijacking

In this attack, an individual redirects to the domain name server (DNS): whoever controls the DNS can direct others to a copy of the same web page that carries some extra content, such as advertisements.

Server vulnerabilities

It includes all the web attacks like SQLI, XSS and information leakage: basically all the causes responsible for vulnerabilities in the server, which then lead to server hacks.

Web application categories

This list shows web application attacks broken down by web category.

 

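| Web application categories | 2012 | 2013 | 2014 | 2015 | Total |
|---|---|---|---|---|---|
| Finance | 47 | 98 | 33 | 22 | 200 |
| Government | 248 | 197 | 197 | 67 | 827 |
| News | 38 | 23 | 23 | 20 | 150 |
| Education | 78 | 56 | 56 | 22 | 229 |
| Software/video games | 40 | 47 | 47 | 23 | 169 |
| Health | 9 | 31 | 31 | 18 | 57 |
| Ecommerce | 31 | 28 | 28 | 15 | 94 |
| Social networking | 69 | 44 | 44 | 5 | 195 |
| Tourism | 4 | 8 | 8 | 7 | 23 |
| On-line entertainment | 31 | 9 | 9 | 10 | 67 |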

 

So we can clearly see that government is in the lead for every type of attack.

Conclusion

The basic purpose of this paper is to present an empirical analysis of web attacks. In this modern age of technology we cannot make a website 100% secure, but this analysis may help web developers notice which categories of web applications are usually under attack, give attention to those, and build websites through the proper phases of the software development life cycle (SDLC), which also minimizes the risk of a web hack.

References

· Web Services Attacks and Security - A Systematic Literature Review

· Web-Hacking-Incident-Database

· Cyber-Attacks – Trends, Patterns and Security Countermeasures

· Wikipedia, The Free Encyclopedia

· http://shodh.inflibnet.ac.in/bitstream/123456789/336/3/03_literature%20review.pdf

· Application Vulnerability Trends Report
