A Meta-Scan based approach for the detection of injection vulnerabilities in Web applications

Abstract

The constantly evolving web landscape presents a wide range of emerging threats that exploit vulnerabilities within web applications, exposing data, systems, and servers to significant risks such as data manipulation and theft, unauthorized access and de- nial of services. To tackle these challenges, the present research project explores the ability of dynamic analysis and penetration testing tools to effectively detect injec- tion vulnerabilities in web applications. Consequently, web developers with the help of security experts can take appropriate actions to safeguard vulnerable applications from cyberattacks. The study conducted in this project proposes a meta-scan-based system that leverages the capabilities of several open source and dynamic application security testing tools. The proposed system aims at detecting three specific injection vulnerabilities: cross-site scripting, SQL injections, and OS command injections. To enhance usability, the system incorporates a user-friendly graphical interface with various features. Through rigorous testing using four well-known vulnerable appli- cations, the system’s performance is assessed and compared with that of individual scanners. The results reveal promising outcomes, as the new system successfully re- duces false positives and negatives, validating its efficacy in bolstering web security.