SEARCH RESULT

The popularity of web applications is growing faster due to fulfil the requirements of the business and satisfy the needs of consumers. Web applications are now being capable in providing business services to its stakeholders in the most effective and efficient manner. In this modern time, several number of services are providing through web applications and performance of those are measured through the services processing time and the informative functionalities. However, those services, at the same time, can be faced by a threat due to improper validation. Currently, cyber-attacks become a critical risk for every digital transformation throughout the world. Careless coding practice during the development and lack of knowledge about security are the root cause of different types of application layer vulnerability remains in the web system. Remote Code Execution (RCE) is one of the serious vulnerability at this era. According to Web Application Security project (CWE/SANS), RCE has been listed as 2nd ranked critical web application Vulnerability since 2016. Insignificant research works on RCE have been found during the literature review. This paper presents a complete case study on RCE vulnerability.

International Conference on Cyber Security and Computer Science
ICONCS

S. Biswas M. M. H. K. Sajal T. Afrin T. Bhuiyan M. M. Hassan

Broken Access Control (BAC), ranked as 5th crucial vulnerability in Open Web Application Security Project (OWASP), appear to be critical in web applications because of its adverse consequence i.e. privilege escalation that may lead to huge financial loss and reputation damage of the company. The intruder of a web system can get an unauthorized access or upgraded access level by exploiting through the BAC vulnerability due to inadequate validation of user credential, misconfiguration of sensitive data disclosure, inappropriate use of functions in the code, unmanaged exception handling, uncontrolled redirection of webpage, etc. This paper presents the awareness regarding the risk for the existence of BAC vulnerability in the web application to its designer, developer, administrator, and web owner considering the facts and findings of the document before hosting the application on live. The experiment was conducted on 330 web applications using manual penetration testing method following double blind testing strategy where 39.09% of the sites were found vulnerable with the same. Access on redirection settings, misconfiguration of sensitive data retrieval, and unauthorized cookie access exploitation techniques performed on the sample sites among five sectors analyzed based on the reason of BAC, platform, domain, and operating system. Binary logistic regression, Pearson’s χ2- value, odd ratios and pvalue tests were performed for analyzing correlations among factors of BAC. This examination also revealed that ignoring session misconfiguration and improper input validation problems are the critical factors for creating BAC vulnerability in application.

International Conference on Cyber Security and Computer Science
ICONCS

M. M. Hassan M. A. Ali T. Bhuiyan M. H. Sharif S. Biswas