Abstract
This paper examines a variety of sources of web application vulnerability and security incident data. In particular, the research tracks the impact of SQL Injection, Cross-Site Scripting and Cross-Site Request Forgery vulnerabilities. Vulnerability data are compared against attacks that have actually resulted in data compromises, to determine how the types of vulnerabilities reported relate to the methods actually used to steal data. The paper concludes with recommendations for building more secure web applications.
Notes on contributors
Gerhard Steinke
Gerhard Steinke completed his doctoral work at the University of Passau in Germany. He has taught Information Systems and Information Security at Seattle Pacific University for the last 20 years. In addition, he has consulted for organizations such as Boeing, Microsoft, AT&T Wireless and the State of Washington. He has provided seminars not only in the US, but also in Mexico, Malaysia and Romania.
Emanuel Tundrea
Emanuel Tundrea completed his doctoral work at the University Polytechnic of Timisoara in Romania. He has taught Management Information Systems at Emanuel University for the last 5 years with a focus on Databases and Software Engineering. He was part of the Object Software Component research group at the I3S Lab in Sophia-Antipolis in France.
Kenmoro Kelly
Kenmoro Kelly completed his Master’s degree in Information Systems Management at Seattle Pacific University. His research interest lies in the area of helping organizations manage technology risks.