
Project Title: Web Application Security Website:: Technologies Used

This document summarizes a web application security project. The project aims to find defects in a website that could be exploited by attackers through manual testing and automated scanning tools. Several vulnerabilities were found, including directory traversal, cross-site scripting, cross-site request forgery, and sensitive data exposure. The project works in phases, first analyzing the application, then gathering domain information, scanning with tools, analyzing risks, and presenting findings. The conclusion states that a full stack of security mitigations is needed to protect applications and data.

Uploaded by

zimgur
Copyright
© All Rights Reserved

Introduction 01

Project Title: Web Application Security


Website: https://pcenagpur.edu.in/

Technologies Used

Bootstrap-Prism
jQuery
jQueryUI
prettyPhoto
Isotope
Modernizr
Moment.js
animate.css
02
About us
Vaibhav Malgewar 0252

Hrishikesh Somchatwar 0258


Vivek Kumar Sharma 0260

Hritik Kuthe 0272

Gunpriya Ramteke 0274


03 Why is Web Application security necessary?

Application security is important because today's applications are often available over
various networks and connected to the cloud, increasing vulnerabilities to security
threats and breaches.
Application security testing can reveal weaknesses at the application level, helping to
prevent these attacks.
04 PROJECT OBJECTIVE

PART 1: Finding defects which may get created by the programmer while developing the software.

PART 2: Software quality and reliability.

PART 3: Raising awareness of the vulnerabilities that the following site or application has.
05
Testing Scope
How we work 07

PHASE 1: Analysing the web application manually.

PHASE 2: Gathering information about the domain and how long it has been active.

PHASE 3: Scanning the website with Linux and finding loops (DAST).

PHASE 4: Figuring out the total risk of the web application according to the framework.

PHASE 5: Presentation.
06 FINDINGS

Directory Traversal
XSS- (Cross site scripting)
CSRF- (Cross-site Request Forgery)
Clickjacking
Backup file
Cookie without HttpOnly flag set
Email Spoofing
Sensitive Data Exposure
07

STRUCTURE

IP-172.105.253.71
08
10 Conclusion

Web application security is a stack of attack surfaces and defensive mitigating solutions. It is
not enough to protect web applications with only one technique, or at only one layer of the
stack. Vulnerabilities in the platform, or in protocols, such as TCP or HTTP, are just as
devastating to the security and availability of applications as attacks against the application
itself.
A full stack of mitigating solutions is necessary to realize a positive web application security
posture. It is important to note that a comprehensive approach requires collaboration across
network, security, operations and development teams, as each has a role to play in protecting
applications and their critical data.

THANK YOU
