Attackers mostly target web applications because these applications are client-side and have public access. Sometimes hackers break this security and change the structure of the software, which causes a great loss. No one wants to use a web application if they believe their information will be shown to unauthorized parties.
A malicious user can steal sensitive information, send illegal HTTP requests, and perform other malicious operations. Web browser vulnerabilities are the target of most hackers. Therefore, it is necessary to protect web applications in order to secure sensitive data. Web applications are written by developers who have limited programming and security skills; sometimes it is not possible to completely review and verify the code, and many site owners ask the developers to focus on functionality rather than security. As a result, vulnerabilities are created. Common vulnerabilities found in web applications include SQL injection, cross-site scripting, executable commands, and more.
Thus, a security testing phase can be added to the development phase to increase the trustworthiness of web applications. The goal of security testing is to detect those defects that could be exploited to conduct attacks [20]. Security testing helps to emulate and expose vulnerabilities such as cross-site scripting, SQL injection, buffer overflow, file inclusion, URL injection, and cookie modification. Due to the enormous increase in web application vulnerabilities, various threats and challenges are being faced which can cause a severe setback to the integrity, confidentiality, and security of web applications. So, in order to devise any effective methodology or technique for web security testing, we should first understand its unique challenges and issues. The goal of this paper is to discuss various issues and challenges related to the security testing of web applications, together with the tools which are used to perform security testing of web applications [4].
A number of web testing tools are available to check security. The tools include Paros, Web Scrub, JBroFuzz, and more. The tester's observations show that manual testing is very useful, because a number of security problems can only be found through this kind of testing.
In this paper, we discuss the attacks which are caused by vulnerabilities and describe the tools used to defend against these attacks and secure web applications [1].