Security Scanner For Web Applications Case Study: Learning Management System

Authors

  • Rian Andrian Universitas Pendidikan Indonesia, Indonesia
  • Ahmad Fauzi Universitas Pendidikan Indonesia, Indonesia

DOI:

https://doi.org/10.15575/join.v4i2.394

Keywords:

Security, Web Application, Security Scanner, Learning Management System

Abstract

In software engineering, web applications are software that are accessed using a web browser through a network such as the Internet or intranet. Web applications are applications that can be relied on by users to do many useful activities. Despite the awareness of web application developers about safe programming practices, there are still many aspect in web applications that can be exploited by attacker. The development of web applications and the Internet causes the movement of information systems to use them as a basis. Security is needed to protect the contents of web applications that are sensitive and provide a safe process of sending data, therefore application security must be applied to all infrastructure that supports web applications, including the web application itself. Most organizations today have some kind of web application security program or try to build/ improve. But most of these programs do not get the results expected for the organization, are not durable or are not able to provide value continuously and efficiently and also cannot improve the mindset of developers to build/ design secure web applications. This research aims to develop a web application security scanner that can help overcome security problems in web applications.

References

H. Shahriar, “Web Security Vulnerabilities: Challenges and Solutions A Tutorial Proposal for ACM SAC 2018,” pp. 1–5, 2018.

H. Bang and M. Saraswat, “Building an effective and efficient continuous web application security program,” in Proc. Int. Conf. Cyber Situational Awareness, Data Anal. Assess. (CyberSA)., 2016.

P. Singh, K. Thevar, P. Shetty, and B. Shaikh, “Detection of SQL Injection and XSS Vulnerability in Web Application,” no. 3, pp. 16–21, 2015.

R. P. L. B. B. I. Salahudin, Rekayasa Perangkat Lunak, Bandung, 2006.

R. Petrasch, “Scalable Autograder and LMS Model-based Engineering for Microservice Architectures using Enterprise Integration Patterns for inter-service Communication,” 2017.

A. Masood and J. Java, “Static analysis for web service security - Tools & techniques for a secure development life cycle,” in 2015 IEEE International Symposium on Technologies for Homeland Security (HST 2015), 2015.

I. Dwi, “Real Time System,” 2017.

X. Liu, Q. Chen, L. Li, and S. Chi, “An efficient web vulnerability scanning method based on template matching,” Inf. Technol. J., vol. 13, no. 5, pp. 934–940, 2014.

G. Mazlami, J. Cito, and P. Leitner, “Extraction of Microservices from Monolithic Software Architectures,” 2017.

S. Li, “Understanding quality attributes in microservice architecture,” in Proc. 2017 24th Asia-Pacific Software Engineering Conference Workshops (APSECW 2017), 2018, vol. 2018-January, pp. 9–10.

A. Alzahrani, A. Alqazzaz, N. Almashfi, H. Fu, and Y. Zhu, “Web Application Security Tools Analysis,” Stud. Media Commun., vol. 5, no. 2, p. 118, 2017.

P. R. L., L. C. S., D. Jagli, and A. Joy, “Rational Unified Treatment for Web application Vulnerability Assessment,” in 2014 Int. Conf. Circuits, Syst. Commun. Inf. Technol. Appl., 2014.

M. J. Kargar and A. Hanifizade, “Automation of regression test in microservice architecture,” in Proc. 2018 4th International Conference on Web Research (ICWR 2018), 2018, pp. 133–137.

Downloads

Published

2020-02-14

Issue

Section

Article

Citation Check