Last updated: July 19, 2019

Abstract

In today's Internet era, technology and web applications are becoming more popular and more complex at the same time. These applications provide many benefits, but they also bring risk to the organization, its brand and its data. The basis of this paper is an analysis of web attacks in recent years that have compromised web applications, their data or their users. The paper includes web attack analysis from the Website Hacking Incident Database (WHID) and from other information security and news websites. The top web attacks have been identified, and the top categories of web applications are also analyzed. With technological evolution comes the progress of cybercrime, which develops new attack types, tools and techniques that allow attackers to penetrate more complex or well-controlled environments, produce increased damage and even remain untraceable.

Introduction

Over the past few years it has been a trend in information security that web applications are under attack. Every day there are new reports of cyberattacks on leading web sites.


Because of the many vulnerabilities that exist in web applications, they have become a very soft target for attackers, so the best way to stop these activities is secure web development and writing secure code. However, this is not easy. Moreover, in this modern age 100% security is not possible, but we can protect our websites as much as we can. It also takes a lot of time and requires highly talented people, which is not possible for a small organization. In other words, security is required for every web application, but the level of security may vary from organization to organization. To provide security, we first need to know what should be secured and why.

The objective of the paper is to find the trend of attacks on web applications and the targets of attackers, in order to learn which weaknesses are common in web applications and, using that, to try to find the best solution for them. This paper analyses the top web attacks on different web categories.

Research methodology

For the analysis of web attacks we collect data mainly from the WHID web hacking incident database and also from other hacking websites such as hacknews.com and abcnews.go.com. WHID, the main source, is a consortium project that maintains a list of security incidents; its goal is to raise awareness of web attacks and to offer new ways to provide security to websites. It gives statistical analysis of web attacks.

Discussion

In this paper our focus will be on these four questions:

1. What are the major attacks occurring on the web in recent years?
2. What type of web sites attracts the most attackers?
3. What types of attacks are common on the major categories of web applications, such as finance, education, government etc.?
4. Do all web categories see the same types of attacks and need the same level of security?

Literature review

Nowadays, a social network is the mapping and measuring of relationships and flows between individuals, groups, organizations, computers, websites, and other information/knowledge processing entities. Cyber-attacks are becoming more common against companies of all sizes as well as single individuals, yet little is universally known about cyber-crime. One website security statistics report from WhiteHat states that 86% of the websites they tested have at least 1 serious vulnerability, so the average becomes 16.7.

So if we need secure web development, we should follow the steps of the software development life cycle, which includes many phases such as testing, analysis, designing, coding and implementing. When a web site passes through all of these phases it becomes very secure, but implementing security this way takes much more time and is also very costly, so not all clients can afford it. Some organizations may develop their websites this way, and those sites will be very secure with a very low chance of attack. As I already said, 100% security is not possible in this internet world; security is required for each web application, but the level of security may vary from organization to organization and with the type of web application.

Web attacks analysis

We collected data from 2012 to 2015 on web attacks, counting how many times each attack occurred in each year.

Attacks                   2012   2013   2014   2015
SQLI                       352    185    112     71
DDOS                       151    178     85     30
XSS                         68     34     60      2
A/C Hijacking               30    106     88     34
Defacement                  74    120    135     57
Unauthorized access         10     14    112      1
Directory traversal          0     13      2      1
Phishing                     9      2     74      0
POS/Malware                 11     29      4     31
BRUTEFORCE                   0      4      5      0
Code injection               0      1     15      0
DNS Hijacking                6     29      2      5
Server vulnerabilities       1      0    129      0
Others                      97    132    183     35
Unknown                    265    208    188     68
Total                     1074   1045    853    335

SQLI: It is basically a code injection technique that attacks the database of the web site. It happens because of vulnerabilities that exist in the database.

DDOS: It overloads the system, so that the traffic logically exceeds the limit on the total number of visitors on the website at one time, and through this the attackers attack the server.

XSS: This is cross-site scripting. Malicious code is injected into trusted websites, so that when the user opens the page it will attack the server.

Account hijacking: The user's account is hacked by the attacker for some unauthorized activities. This is carried out by phishing: fake emails are sent to users, and when users click them their accounts are hacked.

Defacement: It changes the visual appearance of a website, including the full interface. The attackers break into the server and replace the original website with a fake one, which hacks the system.

Unauthorized access: When someone gains access to other people's websites, programs or accounts by a wrong method.

Directory traversal: It allows attackers to access restricted files; by this means they find a valid email address by brute force.

Phishing: It allows attackers to steal all the personal data of the user, such as usernames, passwords and credit card details, by sending malicious code to the user.

Malware: It is malicious software used by cybercriminals to attack the point of sale (POS). It basically poses as antivirus software: when a user installs the fake one, it steals all the information on the computer and also attacks the server.

DNS Hijacking: In this attack the individual redirects to the domain name server (DNS). Whoever can control the DNS can direct others to a copy of the same web page that has some extra content on it, such as advertisements.

Server vulnerabilities: This category includes web attacks such as SQLI, XSS and information leakage; basically, all the causes responsible for vulnerabilities in the server, which then lead to server hacks.

Web application categories

This list shows the web application attacks on the basis of web categories.

Web application categories   2012   2013   2014   2015   Total
Finance                        47     98     33     22     200
Government                    248    197    197     67     827
News                           38     23     23     20     150
Education                      78     56     56     22     229
Software/video games           40     47     47     23     169
Health                          9     31     31     18      57
Ecommerce                      31     28     28     15      94
Social networking              69     44     44      5     195
Tourism                         4      8      8      7      23
On-line entertainment          31      9      9     10      67

So we can clearly see that government is in the lead for every type of attack.

Conclusion

The basic purpose of this paper is to present an empirical analysis of web attacks. In this modern age of technology we cannot make a website 100% secure, but this analysis may help web developers to notice which categories of web applications are usually under attack, give attention to those, and build websites through the proper phases of the software development life cycle (SDLC), which also minimizes the risk of a web hack.

References

· Web Services Attacks and Security - A Systematic Literature Review
· Web-Hacking-Incident-Database
· Cyber-Attacks – Trends, Patterns and Security Countermeasures
· Wikipedia, The Free Encyclopedia
· http://shodh.inflibnet.ac.in/bitstream/123456789/336/3/03_literature%20review.pdf
· Application Vulnerability Trends Report