Publication

Abstract : Despite having dedicated applications for different operating system, web application is the most common interface accessed by all the devices. Web application security is an indispensible factor in today’s cyber world. Because of the robust resource available on Internet regarding web development, anyone today can develop a website even with zero coding skills. More than developing a perfect website, maintaining the security has become the prime goal today. Huge data breach in companies resulted due to a small security loophole in their website. Even a minor Cross Site Scripting (XSS) bug may lead to the whole server compromise depending upon the attacker who knows how to convert a simple bug into a disaster. Remote Code Execution (RCE) is one of the critical vulnerability that arises due to the unsafe handling of inputs by the server application. This vulnerability arises under various conditions that include but not limited to unsafe deserialization, XML External Entity attack, Server Side Request Forgery and Server Side Template Injection.