Security Assessment of Web Applications

A web application is a computer software application that is coded in a browser-supported programming language and reliant on a common web browser to render the application executable. Web hacking refers to exploitation of application via HTTP which can be done by manipulating the application via its graphical web interface tampering the Uniform Resource Identifier (URI) or tampering HTTPS elements not contained in the URI. In this monograph we will present a case study for security assessment of a web application and also will insert our script to a web application as an example of a cross-site scripting exploitation. In chapter one is given a short introduction on web application technology and evolution. In chapter two are described web application vulnerabilities security issues and countermeasures. In chapter three are presented experimental setup and results. There are described two experiments; first we have presented the security assessment for a web application by utilizing Acunetix tool and secondly we have implemented a Cross Site Scripting (XSS) exploit over the bWAPP framework.