
Contemporary Vulnerability Evaluation of Web Servers

N. Prasanna Balaji, U. Srinivasulu, V. Pavan Kumar

Abstract


In this era of web-based business, the use of web applications has increased beyond common comprehension. Every field throughout the world depends on them, but concurrently faces the risk of being copied. Many ways of overcoming the security problems have come to light, yet new attacks appear every day. This is a non-stop cycle, so keeping pace with identifying possible vulnerabilities is the only way to keep web applications attack-free. Pen testing plays a crucial role in keeping pace with spotting potential threats. My paper asserts the importance of pen testing, the vulnerabilities that have originated in recent times, and their solutions. Web servers and web applications play a pivotal role in the global market today. Their spread is limitless, and with it the problems of security have grown proportionately, so timely security alerts have become the need of the hour. My paper focuses on these possible contemporary vulnerabilities, their exploration, and fitting solutions. This will help in anticipating even very sensitive and unknown vulnerabilities and thereby give way to fixing them thoroughly. This is surely the demand of the hour.

Keywords


Attack, Exploit, Mitigation, Vulnerability




Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.