This is the era of information technology, in which everything is expected to be equipped with the latest and most advanced technology, and web applications are no exception. Not only are the latest and most advanced applications desirable, but their security is of immense significance as well. For conducting business online, the security of web applications is as important as the business itself, because the entire business relies on those web-based applications and technologies. Web applications are important because they enable firms to connect seamlessly with customers, suppliers and other stakeholders. Web application security aims to protect websites and online services against various security threats. The main objective of the current research work is to identify the possible security threats to web applications and the ways to mitigate them. The better the security threats to web applications are dealt with, the more reliable the services those applications provide. This research work also provides ways to deal with the security issues faced by web applications.
Keywords: web application; security threats; security issues.
1. Introduction of Web application’s security
In today’s era of technology, most businesses are adopting the practice of going online. They are of the view that, by doing so, they can serve their customers better. It also gives them the possibility of collecting customer feedback, which helps service providers to improve their services.
A web application is a software application that makes use of a remote server to perform its operations. Web applications are mostly accessed through a web browser over the internet. The major difference between web applications and other applications is that web applications do not need to be installed; rather, they are accessed over the internet. The most widely used web applications include Facebook, Wikipedia, Flickr and Mibbit.
For every innovation there are also evils. Web applications face various security challenges which make them less reliable. At the same time, this can provide a company with a competitive advantage, depending on how efficiently the company has handled the security issues related to its web applications.
The nature of a web application’s security threats varies with the way the application is developed. Every developer is required to follow both basic and advanced standards for tackling web application security issues [1].
The process of web application security is aimed at protecting online services and websites against various security threats, which typically exploit vulnerabilities in the application code. The most common targets of attacks on web applications include content management systems (e.g., WordPress), phpMyAdmin (an administration tool for database management) and SaaS applications [2].
Along with their convenience, web applications also have drawbacks, especially when business processes rely on them. For any business, protection against threats to its web applications and against software vulnerabilities is a significant parameter to consider; it helps to streamline business processes and earn positive customer feedback. Common security threats to web applications include malware, injection attacks, security misconfiguration, brute force and phishing scams [3].
The trustworthiness of a web application can best be increased during the security testing phase, which is to be considered the most significant part of web application development. It helps to identify the security attacks that could take place once the web application is actually launched and in use.
Testing web applications for security helps to expose their vulnerabilities, which can include SQL injection, buffer overflow, URL injection, cross-site scripting, file inclusion and cookie modification. All of these vulnerabilities are to be expected in web applications, mainly because their developers might not have considered the possible security threats.
Security threats and attacks affect business integrity, along with the confidentiality of web applications. In order to overcome these issues, it is therefore mandatory to understand the possible security issues of web applications [4].
1.1. Problem Statement of Web application’s security
In today’s era of the latest and most advanced technology, businesses intend to adopt online applications for their business practices, which helps to streamline business processes. The more effectively these online systems are used, the more they help businesses to grow and generate revenue. However, the users of these web applications might not have a technical background, so they might not know how to resolve problems at the application level.
The significant issues relate to web application security, whereby personal details and data can be accessed by unauthorized users. This can harm both the goodwill and the market share of the company. Unprotected websites and applications limit the effectiveness and efficiency of business operations, so the security concerns of web applications need to be treated as the first priority.
1.2. Aims and objectives of Web application’s security
The current research work has the following aims and objectives:
· To investigate the security concerns related to web applications.
· To provide possible solutions for avoiding the security issues related to web applications.
· To provide future directions for the study topic based on the findings of the current research work.
1.3. Organization of the paper on Web application’s security
After the introduction, the next section is a literature review of the study topic, i.e., the security of web applications. The following section describes the methodology, after which the findings and the discussion of the results are presented. Finally, the conclusion and recommendations related to web application security are given.
2. Literature Review of Web application’s security
Today’s web applications have dangerous security flaws. Because they are distributed globally, they are prone to malicious attacks that seek to uncover and exploit their many security vulnerabilities. One of the reviewed studies, following ISO 27005, defines a vulnerability as a weakness of an asset or group of assets that can be exploited by one or more threats.
Assets are among the most important things that enhance the value of an organization; they support the continuity and operations of the business and include the information resources required to support the organization’s mission. It has been observed in the NVD (National Vulnerability Database) that the number of vulnerabilities increased roughly threefold in the period reported for 2011 [5].
The web application security report demonstrates that the security of web applications has declined compared to the previous year. In fact, web application vulnerabilities present many problems for organizations and companies. As indicated in the most recent White Hat web security statistics report, more than 63% of websites suffer from a lack of security.
Around six unresolved flaws occur in each website. An underground economy can be built on these flaws and vulnerabilities, based on attacking data resources and stealing data. The vulnerability distribution by severity for the year 2015 is shown in the graph below.
In fact, over the last decade web applications have progressed to become key technologies. They play a key role in various areas of our daily lives, for instance the private and public business sectors, health care and online services, including e-banking and e-commerce.
Trading value can be increased by using the various web applications and services that are based on the internet. Over the next several years, the trading volume attributable to web applications on the market is expected to grow to exceed $1 trillion. Many private and public enterprises are developing internet-based services and applications in order to benefit from their efficiency, features, cost-effectiveness and simplicity.
On the other hand, these enterprises face several new challenges related to the security of their services and applications. Enterprises spend considerable resources on handling and managing data stored in plain text across multiple locations. Web services and applications are drawing the attention of both the research community and industry. For numerous reasons, strong web security models are needed, covering distributed systems and heterogeneous integrations.
These include the assessment of sensitive, high-volume data, as well as the data maintained by government agencies and corporate servers. Computer crime and easily distributed malicious software are also essential parts of the picture. Software security, in turn, is referred to as a quality attribute used to measure software quality against a particular set of scales, and it has generally become a recognized quality attribute, for instance in the ISO software quality standard 25010 [6].
2.1. Phishing of Web application’s security
Phishing is considered among the most important and most profitable attacks: some 450,000 attacks occurred in 2013, with an estimated loss of more than $5.9 billion. Moreover, around 1 in every 392 e-mails in 2013 carried a phishing attack. To make matters worse, roughly 80% of business users were unable to detect phishing attacks effectively. These figures are expected to rise as users read e-mail on a growing number of devices, each of which is equally capable of displaying phishing pages.
2.2. Malware of Web application’s security
Malware attacks are also increasing rapidly; according to reports from Kaspersky Labs, more than 3 billion attacks were predicted for 2013, along with 1.8 million malicious and potentially unwanted programs used in these attacks.
2.3. McAfee Labs of Web application’s security
The McAfee Labs threat report highlighted around 167% growth in mobile malware between 2013 and 2014. A number of gaps in security awareness were uncovered in our previous work, and recent reports confirm this: 57% of adults are not aware that security solutions exist for their mobile devices. All of these users depend on their web browsers to protect them from websites that serve malware and phishing attacks [7].
2.4. Security Misconfiguration of Web application’s security
A web application’s functioning is generally supported by several complex elements which are required to establish its security infrastructure, including devices or software, databases, servers, firewalls, operating systems and numerous other applications. People do not realize that all of these elements need correct configuration and frequent maintenance in order to run properly [8].
2.5. Injection Attacks of Web application’s security
Another common class of threat is the injection attack. These attacks come in a huge variety of forms, all of which target the data a web application needs in order to function: the more data an application handles, the more opportunities there are for injection attacks. Particular examples of such attacks are cross-site scripting, SQL injection and code injection.
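As an added example that is not part of the paper, the following Python code shows two of the injection vulnerabilities named in Section 1 and in this section: a SQL lookup that pastes user input into the query text beside its parameterised form, and the HTML escaping of output that addresses cross-site scripting. The table, the sample accounts and the crafted inputs are constructed for illustration.

```python
"""Added example (not from the paper): SQL injection from Section 2.5,
shown as a vulnerable lookup beside its parameterised form, plus the
output encoding that addresses cross-site scripting. The schema,
accounts and crafted inputs below are constructed for illustration."""
import html
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory database holding two constructed sample accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.invalid"),
                      ("bob", "bob@example.invalid")])
    return conn

def lookup_unsafe(conn: sqlite3.Connection, name: str) -> list:
    """Vulnerable: the input is pasted into the SQL text, so a quote
    character in it changes the structure of the statement."""
    sql = "SELECT name, email FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()

def lookup_safe(conn: sqlite3.Connection, name: str) -> list:
    """Hardened: the input is bound as a parameter, so the database
    treats it purely as data and never as part of the statement."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()

def render_greeting(name: str) -> str:
    """Same principle on the browser side: escape before placing user
    input into HTML, so it cannot be interpreted as markup or script."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"

def demo() -> dict:
    """Run both lookups with a constructed input that closes the quoted literal early."""
    conn = make_db()
    crafted = "x' OR 'a'='a"
    return {
        "unsafe_rows": len(lookup_unsafe(conn, crafted)),  # 2: filter neutralised
        "safe_rows": len(lookup_safe(conn, crafted)),      # 0: no user has that name
        "honest_rows": len(lookup_safe(conn, "alice")),    # 1: normal use still works
        "greeting": render_greeting("<b>bob</b>"),         # markup rendered inert
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```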
References
[1] martinfowler, "The basics of web application security," 2019. [Online]. Available: https://martinfowler.com/articles/web-security-basics.html.
[2] imperva, "Web Application Security," 2019. [Online]. Available: https://www.imperva.com/learn/application-security/application-security/.
[3] geekflare, "5 Common Threats to web applications and how to avoid them," 2019. [Online]. Available: https://geekflare.com/common-web-application-threats/.
[4] A. G. R. and D. S. Jaiswal, "Security Testing of Web Applications: Issues and Challenges," International Journal of Computer Applications, vol. 88, no. 3, pp. 26-32, 2015.
[5] U. K. S. Chanchala Joshi, "Performance Evaluation of Web Application Security," International Journal of Scientific and Research Publications, vol. 6, no. 1, 2016.
[6] A. M. D.-A. A. & E. A. A. M. Osman, "Proposed security model for web based applications and services," International Conference on Communication, Control, Computing and Electronics Engineering (ICCCCEE), 2017.
[7] N. M. A. T. N. & G. D. Virvilis, "Security Busters: Web browser security vs. rogue sites," Computers & Security, vol. 52, no. 1, pp. 90–105, 2015.
[8] M. K. G. M. C. & S. G. Gupta, "Predicting Cross-Site Scripting (XSS) security vulnerabilities in web applications," 12th International Joint Conference on Computer Science and Software Engineering (JCSSE), 2015.