TITLE:
Systematic Review of Web Application Security Vulnerabilities Detection Methods
AUTHORS:
Sajjad Rafique, Mamoona Humayun, Zartasha Gul, Ansar Abbas, Hasan Javed
KEYWORDS:
Software Development Lifecycle, Web Applications, Security Vulnerabilities, Systematic Literature Review
JOURNAL NAME:
Journal of Computer and Communications, Vol.3 No.9, September 15, 2015
ABSTRACT: In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or to the use of a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security vulnerabilities used to secure the web application layer, the security approaches or techniques used in the process, the stages in the software development in which the approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 519 publications from respectable scientific sources, i.e., the IEEE Computer Society, ACM Digital Library, Science Direct, and Springer Link. After a detailed review process, only 56 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no one software is referred to as a standard or preferred software product for web application development. In our SLR, we have performed a deep analysis of web application security vulnerabilities detection methods, which helps us to identify the scope of the SLR for comprehensive investigation in future research. Further, in this SLR, considering the OWASP Top 10 web application vulnerabilities discovered in 2012, we will attempt to categorize the accessible vulnerabilities. OWASP is a major source to construct and validate web security processes and standards.