A survey on conducting vulnerability assessment in web-based application

Abstract

Many organizations have changed their traditional systems to webbased applications to make more profit and at the same time to increase the efficiency of their activities such as customer support services and data transactions. However web-based applications have become a major target for attackers due to some common vulnerability exists in the application. Assessing the level of information security in a web-based application is a serious challenge for many organizations. One of the important steps to ensure the security of web application is conducting vulnerability assessment periodically. Vulnerability assessment is a process to search for any potential loopholes or vulnerability contain in a system. Most of the current efforts in assessments are involve searching for known vulnerabilities that commonly exist in web-based application. The process of conducting vulnerability assessment can be improved by understanding the functionality of the application and characteristics of the nature vulnerabilities. In this paper, we perform an empirical study on how to do vulnerability assessment with the aim of understanding how the functionality, vulnerabilities and activities that would benefit for the assessment processes from the perspective of application security.