Konference Systémové přístupy
Prague University of Economics and Business

WEB APPLICATION SECURITY: AUDIT TOOLS & LANGUAGES

AUTHOR: RNDr. Alexander Galba (University of Economics, Prague)

ABSTRACT:
Testing web application security is an important part of web application development. Tools and processes for testing the security of web applications and detecting their vulnerabilities have developed considerably in recent years. Many of these tools and processes depend on the chosen development environment. Crucial factors are the experience of the developers and the established procedures and control mechanisms used in creating web applications. Automated tools are becoming very popular. "Black box" web vulnerability scanners can find security problems such as cross-site scripting, command execution, directory traversal, SQL injection, insecure server configuration and others. Using these tools does not require broad knowledge of web development technologies. The difficulty lies in interpreting the results and subsequently fixing the issues found. These tools cannot guarantee the elimination of security risks. The most popular programming languages for web applications are ASP.NET, PHP and Java. If we consider website security in terms of programming languages, the number of vulnerabilities will be the same in each language. The choice of programming language does not have a direct impact on the security of web applications. Differences in the statistics of successful attacks on web applications are caused by a combination of factors that vary across programming languages.

KEY WORDS: web application, vulnerability, security scanner, security, programming language

DOI: 10.18267/pr.2015.pav.2125.13

FULLTEXT: WEB APPLICATION SECURITY: AUDIT TOOLS & LANGUAGES – RNDR. ALEXANDER GALBA