The Reality of Internet Infrastructure and Services Defacement: A Second Look at Characterizing Web-Based Vulnerabilities-Reference-Cited by-同舟云学术

The Reality of Internet Infrastructure and Services Defacement: A Second Look at Characterizing Web-Based Vulnerabilities

Published:2023-06-14 Issue:12 Volume:12 Page:2664
ISSN:2079-9292
Container-title:Electronics
language:en
Short-container-title:Electronics

Author:

Albalawi Neaimh¹,Alamrani Norah¹^ORCID,Aloufi Rasha¹^ORCID,Albalawi Mariam¹,Aljaedi Amer¹^ORCID,Alharbi Adel R.¹^ORCID

Affiliation:

1. College of Computing and Information Technology, University of Tabuk, Tabuk 71491, Saudi Arabia

Abstract

In recent years, the number of people using the Internet has increased worldwide, and the use of web applications in many areas of daily life, such as education, healthcare, finance, and entertainment, has also increased. On the other hand, there has been an increase in the number of web application security issues that directly compromise the confidentiality, availability, and integrity of data. One of the most widespread web problems is defacement. In this research, we focus on the vulnerabilities detected on the websites previously exploited and distorted by attackers, and we show the vulnerabilities discovered by the most popular scanning tools, such as OWASP ZAP, Burp Suite, and Nikto, depending on the risk from the highest to the lowest. First, we scan 1000 URLs of defaced websites by using three web application assessment tools (OWASP ZAP, Burp Suite, and Nikto) to detect vulnerabilities which should be taken care of and avoided when building and structuring websites. Then, we compare these tools based on their performance, scanning time, the names and number of vulnerabilities, and the severity of their impact (high, medium, low). Our results show that Burp Suite Professional has the highest number of vulnerabilities, while Nikto has the highest scanning speed. Additionally, the OWASP ZAP tool is shown to have medium- and low-level alerts, but no high-level alerts. Moreover, we detail the best and worst uses of these tools. Furthermore, we discuss the concept of Domain Name System (DNS), how it can be attacked in the most common ways, such as poisoning, DDOS, and DOS, and link it to our topic on the basis of the importance of its infrastructure and how it can be the cause of hacking and distorting sites. Moreover, we introduce the tools used for DNS monitoring. Finally, we give recommendations about the importance of security in the community and for programmers and application developers. Some of them do not have enough knowledge about security, which allow vulnerabilities to occur.

Publisher

MDPI AG

Subject

Electrical and Electronic Engineering,Computer Networks and Communications,Hardware and Architecture,Signal Processing,Control and Systems Engineering

Link

https://www.mdpi.com/2079-9292/12/12/2664/pdf

Reference40 articles.

1. Incorporating active learning activities to the design and development of an undergraduate software and web security course;Srivatanakul;J. Comput. Educ.,2022

2. Alsaffar, M., Aljaloud, S., Mohammed, B.A., Al-Mekhlafi, Z.G., Almurayziq, T.S., Alshammari, G., and Alshammari, A. (2022). Detection of Web Cross-Site Scripting (XSS) Attacks. Electronics, 11.

3. Malicious domain detection using machine learning on domain name features, host-based features and web-based features;Palaniappan;Procedia Comput. Sci.,2020

4. Albalawi, M.M., Aloufi, R.B., Alamrani, N.A., Albalawi, N.N., Aljaedi, A.O., and Alharbi, A.R. (2022). Website Defacement Detection and Monitoring Methods: A Review. Electronics, 11.

5. Nguyen, T.H., Hoang, X.D., and Nguyen, D.D. (2021). Detecting Website Defacement Attacks using Web-page Text and Image Features. Int. J. Adv. Comput. Sci. Appl., 12.

Cited by 1 articles. 订阅此论文施引文献订阅此论文施引文献，注册后可以免费订阅5篇论文的施引文献，订阅后可以查看论文全部施引文献

1. Enhancing Web Application Security through Automated Penetration Testing with Multiple Vulnerability Scanners;Computers;2023-11-15