Nscanner: Vulnerabilities Detection Tool for Web Application

Abstract

Internet has been dominating the world nearly a decade. Web application is known to be the most widespread platform of the internet especially when it comes to share resources, e-commerce services, education and business platforms. Since the usage of web applications are increasing dramatically, it's becoming more vulnerable for security attacks. Each year, organizations facing many security attacks towards their web applications. Although many security practices and mitigations have been applying in web application, however there are still some security loophole issues can be found in web application. For instance, these loopholes can be referred as lack of secure coding (standards) implemented in web application, lack of formal security training approach for web developers and improper security testing for their web application. Besides, social engineering attacks also tremendously increasing each year. Many organizations were compromised through phishing attacks due to lack of awareness among users (employees). As a solution to overcome the issues, a research project will be carried out to implement a system called Nscanner to detect Structured Query Language injection (SQLi) and Cross-Site Scripting (XSS) vulnerabilities for web application. Moreover, the developer also will design a malware detection feature based on machine learning approach to detect malware found in attachments from emails in order to prevent malware phishing attacks.