A Review on Web Application Vulnerability Assessment and Penetration Testing
Urshila Ravindran, Raghu Vamsi Potukuchi
Abstract
With the increase in the number of internet users, web applications, user data there is an increase in the number of hackers all over the world.It is becoming challenging for organizations to ensure the security of the data of their employees and their customers around the world.Any cyber-attack on the organization will drastically affect the reputation of the organization as well as the loss of trust from the users or customers.Customers will not invest in these organizations who have encountered a cyber threat or attack.Hence, enabling regular security testing and checks by the penetration testers or security analysts help in preparing the organization from any security threat by testing network and applications.Even after performing the Vulnerability Assessment and Penetration Testing (VAPT) of the applications, it is extremely necessary to follow up the security patches to mitigate all the existing flaws and security vulnerabilities in the web applications under the organization.To this end, this paper presents the common web application security vulnerabilities, prior requirements for performing any security assessment of the web application along with the do's and don'ts of the assessment in accordance with each vulnerability.This paper also discusses various types of security testing and how VAPT is essential in every organization.