Web Vulnerability Scanner Project Report
Web Vulnerability Scanner Project Report
Web Vulnerability Scanner Project Report
On
Submitted
In fulfillment
Bachelor of Technology
I
A
On
Submitted
In fulfillment
Bachelor Of Technology
SGVU, Jaipur
I hereby that the work, which is being presented in the Major Project, entitled “COMPLETE WEB
VULNERABILITIES SCANNER” in fulfillment for the award of Degree of “Bachelor of Technology” in
Dept. of Computer Science & Engineering with and submitted to the Department of Computer Science&
Engineering, Suresh Gyan Vihar University is a record of my own investigations carried under the
Guidance of Mr. Ravi Shankar Sharma Department of Computer Science & Engineering.
I have not submitted the matter presented in this Major Project any where for the award of any other Degree.
Vikas Kumar
Counter Singed by
This is to certify that the major project entitled “ COMPLETE WEB VULNERABILITIES
SCANNER ” submitted by Vikas Kumar of Semester VII is a bona-fide account of the work
done by him/her under our supervision, during the academic year 2013-2014.
The successful completion of my project can be attributed to the combined efforts made by me and the
contribution made in one form or other by the individuals I hereby acknowledge. First and foremost thank
God Almighty for giving me all strength, courage and blessings to design and complete this project. I wish
to extend my sincere gratitude to the management and our honorable Principle, Mr. Dinesh Goyal for
providing me the valuable opportunity to this project. I express my sincere gratitude to our Head of the
Information Computer Science Department, Mr Kamlesh Lakhwani.I also thank her for her sincere help
and support.
Words fail to thank adequately our project-in-charge and Project guide Mr. Ravi Shankar Sharma who
gave me all supports and helped me to clear all confusions regarding the project. And last but not the least; I
thank my family members and my friends for providing me moral support to achieve my goal.
Thanking you
Complete Web Vulnerabilities Scanner is developed for creating scanning whole webpage of websites .
This web application is to be conceived in its current form as a dynamic site- requiring constant updates
both from the clients as well as the developer. On the whole the objective of the project is to remove the
vulnerabilities which is founded by this application.
A great number of web application vulnerabilities are leveraged through client-side submission of
unexpected inputs. While it is clear these vulnerabilities are complex and widespread, what is not clear is
why after over a decade of effort they remain so prevalent. This paper explores a number of methods for
combatting this class of threats and assesses why they have not proven more successful. The paper describes
the current best practices for minimizing these vulnerabilities and points to promising research and
development in the field.
TABLE OF CONTENTS
Certificate
Acknowledgements
Abstract
Page No:
1. Introduction -------------------------------------------------------------------------------------------------------- 01
6. Screenshots --------------------------------------------------------------------------------------------------------- 26
6.1. Front End Screenshot ---------------------------------------------------------------------------------------- 26
6.2. Back End Screenshot ----------------------------------------------------------------------------------------- 34
9. Conclusion --------------------------------------------------------------------------------------------------------- - 42
Complete web vulnerabilities scanner is used to find the websites bug and after that it shows the
types of bug on that websites. This project is developed in PHP and MYSQL .As we know an ever-
increasing number of high profile data breaches have plagued organizations over the past decade. A great
number of these come about via so called ‘injection attacks’; the submission of malicious code to a web
application. Indeed, the Open Source Web Application Security Project (OWASP), the leading organization
in the field of web app security states; “How data input is handled by Web applications is arguably the most
important aspect of security.”
Two factors increase the stakes of the cyber struggle. Tactically and operationally, the increasing
dependence of modern technologically advanced forces on networks and information systems create new
kinds of exploitable vulnerabilities. Second, as modern societies including the militaries that mirror them
have continued to evolve, they have become ever more dependent on a series of interconnected, increasingly
vulnerable “critical infrastructures” for their effective functioning. These infrastructures not only have
significantly increased the day-to-day efficiency of almost every part of our society, but they have also
introduced new kinds of vulnerabilities.
2. System Analysis
System analysis is an important phase of any system development process. The system is studied to the
minute details and analyzed. The system analyst plays the role of an interrogator and dwells deep into the
working of the present system. In analysis, a detailed study of these operations performed by a system and
their relationships within and outside the system is done. A key question considered here is, “what must be
done to solve the problem?” The system is viewed as a whole and the inputs to the system are identified.
Once analysis is completed the analyst has a firm understanding of what is to be done.
This project is aimed at developing a web-based for a company. This document provides details about
the entire software requirements specification for the CWVS. The project Complete Web Vulnerabilities
Scanner(CWVS) is aimed at developing a web-based and more efficient crawler and Scanner form
EXISTING SYSTEM.
Input injection attacks may serve a number of ends. Generally, they are preferred by malicious users as a
way to obtain restricted data from a back end database or to embed malicious code onto a web server that
will in turn serve up malware to unsuspecting clients. These clients may find their credentials or personal
information exfiltrated as a result.
Economic feasibility
Technical feasibility
Operational feasibility
The feasibility center on the existing computer system (software, hardware) and to what extend it can
support the proposed addition. The technical issue usually raised during the feasibility stage of the
investigation includes the following:
Proposed projects are beneficial only if they can be turned out into information system. That will meet
the organization’s operating requirements. Operational feasibility aspects of the project are to be taken as an
important part of the project implementation. Some of the important issues raised are to test the operational
feasibility of a project includes the following: -
This system is targeted to be in accordance with the above-mentioned issues. Beforehand, the management
issues and user requirements have been taken into consideration. So there is no question of resistance from
the users that can undermine the possible application benefits.
The well-planned design would ensure the optimal utilization of the computer resources and would help in
the improvement of performance status.
3.1. INTRODUCTION
Purpose: The main purpose for preparing this document is to give a general insight into the analysis and
requirements of the existing system or situation and for determining the operating characteristics of the
system. This document provides details about the entire software requirements specification for the
Complete Web Vulnerabilities Scanner. The project Complete Web Vulnerabilities Scanner is aimed at
developing a web-based Scanner of a all company and organization.
Scope: This Document plays a vital role in the development life cycle (SDLC) and it describes the complete
requirement of the system. It is meant for use by the developers and will be the basic during testing phase.
Any changes made to the requirements in the future will have to go through formal change approval
process.
3.2. FUNCTIONAL REQUIREMENTS:
OUTPUT DESIGN
Outputs from computer systems are required primarily to communicate the results of processing to users.
They are also used to provide a permanent copy of the results for later consultation. The various types of
outputs in general are:
OUTPUT DEFINITION
It is not always desirable to print or display data as it is held on a computer. It should be decided as which
form of the output is the most suitable.
For Example
Output Media:
In the next stage it is to be decided that which medium is the most appropriate for the output. The main
considerations when deciding about the output media are:
The outputs were needed to be generated as a hot copy and as well as queries to be viewed on the screen.
Keeping in view these outputs, the format for the output is taken from the outputs, which are currently being
obtained after manual processing. The standard printer is to be used as output media for hard copies.
INPUT DESIGN
Input design is a part of overall system design. The main objective during the input design is as given
below:
INPUT STAGES:
Data recording
Data transcription
Data conversion
Data verification
Data control
Data transmission
Data validation
Data correction
INPUT TYPES:
It is necessary to determine the various types of inputs. Inputs can be categorized as follows:
INPUT MEDIA:
At this stage choice has to be made about the input media. To conclude about the input media consideration
has to be given to;
Type of input
Flexibility of format
Speed
Accuracy
Verification methods
Rejection rates
Ease of correction
Storage and handling requirements
Security
Easy to use
Portability
Keeping in view the above description of the input types and input media, it can be said that most of the
inputs are of the form of internal and interactive. As Input data is to be the directly keyed in by the user, the
keyboard can be considered to be the most suitable input device.
ERROR AVOIDANCE
At this stage care is to be taken to ensure that input data remains accurate form the stage at which it is
recorded upto the stage in which the data is accepted by the system. This can be achieved only by means of
careful control each time the data is handled.
ERROR DETECTION
Even though every effort is make to avoid the occurrence of errors, still a small proportion of errors is
always likely to occur, these types of errors can be discovered by using validations to check the input data.
DATA VALIDATION
Procedures are designed to detect errors in data at a lower level of detail. Data validations have been
included in the system in almost every area where there is a possibility for the user to commit errors. The
system will not accept invalid data.
Hardware Requirements:
Software Requirements:
RDBMS : MySQL
Communication Requirements:-
PHP (recursive acronym for PHP: Hypertext Preprocessor) is a widely-used open source general-
purpose scripting language that is especially suited for web development and can be embedded into HTML.
What distinguishes PHP from something like client-side JavaScript is that the code is executed on the
server, generating HTML which is then sent to the client. The client would receive the results of running
that script, but would not know what the underlying code was. You can even configure your web server to
process all your HTML files with PHP, and then there's really no way that users can tell what you have up
your sleeve.
The best things in using PHP are that it is extremely simple for a newcomer, but offers many advanced
features for a professional programmer. Don't be afraid reading the long list of PHP's features. You can
jump in, in a short time, and start writing simple scripts in a few hours
MySQL is the world's most popular open source database software, with over 100 million copies of
its software downloaded or distributed throughout it's history. With its superior speed, reliability, and ease
of use, MySQL has become the preferred choice for Web, Web 2.0, SaaS, ISV, Telecom companies and
forward-thinking corporate IT Managers because it eliminates the major problems associated with
downtime, maintenance and administration for modern, online applications.
Many of the world's largest and fastest-growing organizations use MySQL to save time and money
powering their high-volume Web sites, critical business systems, and packaged software — including
industry leaders such as Yahoo!, Alcatel-Lucent, Google, Nokia, YouTube, Wikipedia, and Booking.com.
The flagship MySQL offering is MySQL Enterprise, a comprehensive set of production-tested software,
proactive monitoring tools, and premium support services available in an affordable annual subscription.
MySQL is a key part of LAMP (Linux, Apache, MySQL, PHP / Perl / Python), the fast-growing open
source enterprise software stack. More and more companies are using LAMP as an alternative to expensive
proprietary software stacks because of its lower cost and freedom from platform lock-in.
MySQL was originally founded and developed in Sweden by two Swedes and a Finn: David Axmark, Allan
Larsson and Michael "Monty" Widenius, who had worked together since the 1980's.
This project is platform independent so you can run it in many OS like windows XP, window7, window8,
Ubuntu 10 or above , and Linux based OS with the help of supported browser (IE 9 or above) .
4. SYSTEM DESIGN
The importance can be stated with a single word “Quality”. Design is the place where quality is
fostered in software development. Design provides us with representations of software that can assess for
quality. Design is the only way that we can accurately translate a customer’s view into a finished software
product or system. Software design serves as a foundation for all the software engineering steps that follow.
Without a strong design we risk building an unstable system – one that will be difficult to test, one whose
quality cannot be assessed until the last stage.
During design, progressive refinement of data structure, program structure, and procedural details
are developed reviewed and documented. System design can be viewed from either technical or project
management perspective. From the technical point of view, design is comprised of four activities –
architectural design, data structure design, interface design and procedural design.
The new user has to register in order to login for the first time. Then he can use the service of scanner and
crawler and shows the vulnerable pages of scanned websites and also know the types of vulnerabilities.
In this Section user can only login the page and after that they are able to use this services of security issues
of the particular websites.
Module III: Admin
Basically work of admin is to manage the database as well as users problem. Admin has the full privilege to
see any users profile and can make any changes. Admin can also delete user.
Fig.1
4.2.2. DATAFLOW DIAGRAM
Dataflow diagram is used to define the flow of the system and their resources .It is the way of
expressing system requirements in a graphical manner. It is one of the most ingenious tools used for
structured analysis. It is the starting point of design phase.
A full description of a system actually consists of a set of data flow diagrams. Using two familiar notations
Yourdon, Gane and Sarson notation develops the data flow diagrams. Each component in a DFD is labeled
with a descriptive name. Process is further identified with a number that will be used for identification
purpose. The development of DFD’S is done in several levels. Each process in lower level diagrams can be
broken down into a more detailed DFD in the next level. The lop-level diagram is often called context
diagram. It consists a single process bit, which plays vital role in studying the current system. The process
in the context level diagram is exploded into other process at the first level DFD.
The idea behind the explosion of a process into more process is that understanding at one level of detail is
exploded into greater detail at the next level. This is done until further explosion is necessary and an
adequate amount of detail is described for analyst to understand the process.
Larry Constantine first developed the DFD as a way of expressing system requirements in a
graphical from, this lead to the modular design.
A DFD is also known as a “bubble Chart” has the purpose of clarifying system requirements and identifying
major transformations that will become programs in system design. So it is the starting point of the design
to the lowest level of detail. A DFD consists of a series of bubbles joined by data flows in the system.
Crawler DFD
Crawler Queue DFD
Crawler Fetch DFD
Overall DFD
4.2.3. USECASE DIAGRAM:
In designing an efficient and effective system it is important to consider usecase diagram. Usecase diagram
is one of the five diagrams in YML or modeling the dynamic aspects of the system.usecase diagram is
central to modeling the behavior of a system, a subsystem or a class. Usecase diagram are more important
for visualizing, specifying and make systems, subsystems and classes approachable and view of how those
elements may be used in context.
Crawl webpage
Scan Webpages
Find Result
Sign Out
This produces the working system by defining the design specifications that tell the programmers
exactly what the candidate system must do.
Architectural design is a comprehensive framework that describes its form and a structure its
components and how they fit together. Architectural design is a software component that can be something
as simple as program module, but it can also be extended to include database and middleware that enable
the configuration of a network of client and servers. This project consists of different modules. The
Administrator module helps the administration of the entire site. The administrator will decide which
department should view the complaint.
Interface design creates an effective communication medium between a human and a computer. In
this project it is the communication between Administrator and station in-charge design. Since this project
requires a database, the client machines require proper connection with the server machine. The users will
interact with the software through the user friendly web pages.
Database design is the most important part of the system design phase. In a database environment
common data are available and are used by several users. Instead of each program managing its own data,
authorized users share data across application with the database software managing the data as an entity. In
our project both the administrator and station in-charge share the crime details and criminal details. The
primary objective of database design is fast response time to inquire, more information at low cost, control
of redundancies, clarity and ease of use, data and program independencies, accuracy and integrity of the
system.
1. User :
o Username
o Email
o Password
2. Vulnerabilities:
o Id
o Name
o Description
o Solution
o Priority
o Priority Num
3. Tests:
o Id
o Status
o numUrlsFound
o Type
o Num_requests_send
o Start_timestamp
o Finish_timestamp
o Scan_finished
o Url
o Username
o Urls_found
4. Test_results:
o Test_id
o Type
o Method
o Url
o Attack_str
4.3. NORMALIZATION
It is a process of converting a relation to a standard form. The process is used to handle the problems that
can arise due to data redundancy i.e. repetition of data in the database, maintain data integrity as well as
handling problems that can arise due to insertion, updation, deletion anomalies.
Decomposing is the process of splitting relations into multiple relations to eliminate anomalies and maintain
anomalies and maintain data integrity. To do this we use normal forms or rules for structuring relation.
Insertion anomaly: Inability to add data to the database due to absence of other data.
Update anomaly: Data inconsistency resulting from data redundancy and partial update
Normal Forms: These are the rules for structuring relations that eliminate anomalies.
A relation is said to be in first normal form if the values in the relation are atomic for every attribute in the
relation. By this we mean simply that no attribute value can be a set of values or, as it is sometimes
expressed, a repeating group.
A relation is said to be in second Normal form is it is in first normal form and it should satisfy any one of
the following rules.
Transitive Dependency: If two non-key attributes depend on each other as well as on the primary key then
they are said to be transitively dependent. The above normalization principles were applied to decompose
the data in multiple tables thereby making the data to be maintained in a consistent state.
5. SYSTEM TESTING
Testing is the process of executing the program to find if there are any errors. It is the final verification and
validation activity .In testing phase we have tried to affirm the quality of the product. We have also tried to
eliminate errors in the previous stages.
Testing is the process of running a system with the intention of finding errors.
Testing enhances the integrity of a system by detecting deviations in design and errors in the
system.
Testing aims at detecting error-prone areas. This helps in the prevention of errors in a system.
Testing also add value to the product by confirming to the user requirements.
Causes of Errors
Communication gap between the developer and the business decision maker: A communication
gap between the developer and the business decision maker is normally due to subtle differences
between them. The differences can be classified into five broad areas: Thought process, Background
and Experience, Interest, Priorities, Language.
Time provided to a developer to complete the project: A common source of errors in projects
comes from time constraints in delivering a product. To keep to the schedule, features can be cut. To
keep the features, the schedule can be slipped. Failing to adjust the feature set or schedule when
problems are discovered can lead to rushed work and flawed systems.
Over Commitment by the developer: High enthusiasm can lead to over commitment by the
developer. In these situations, developers are usually unable to adhere to deadlines or quality due to
lack of resources or required skills on the team.
Insufficient testing and quality control: Insufficient testing is also a major source of breakdown
of e-commerce systems during operations, as testing must be done during all phases of development.
Inadequate requirements gathering: A short time to market results in developers starting work on
the Web site development without truly understanding the business and technical requirements.
Also, developers may create client-side scripts using language that may not work on some client
browsers.
Keeping pace with the fast changing Technology: New technologies are constantly introduced.
There may not be adequate time to develop expertise in the new technologies. This is a problem for
two reasons. First, the technology may not be properly implemented. Second, the technology may
not integrate well with the existing environment.
Testing Principles
Testing Objectives
Kinds of Testing
Black Box Testing- Not based on any knowledge of internal designs or code. Tests are based on
requirements and functionality.
White Box Testing- Based on the knowledge of the internal logic of an application’s code. Tests are
based on coverage of code statements, branches, paths and statements.
Unit Testing- The most ‘micro’ scale of testing; to test particular functions and code modules.
Typically done by the programmer and not by the testers, as it requires detailed knowledge of the
internal program design and code. Not always easily done unless the application has a well-designed
architecture with tight code; may require developing test driver modules or test harnesses.
Integration Testing- Testing of combined parts of an application to determine if they function
together correctly. The ‘parts’ can be code modules, individual applications, client and server
applications on a network, etc. This type of testing is especially relevant to client/ server and
distributed systems.
Functional Testing- Black-box type testing geared to functional requirements of an application;
testers should do this type of testing. This doesn’t mean that the programmers shouldn’t check that
their code works before releasing it.
Regression Testing- Re-testing after fixes or modifications of the software or its environment. It is
difficult to determine how much re testing is needed, especially near the end of the development
cycle. Automated testing tools can be especially useful for this type of testing.
Acceptance Testing- Final testing based on the specifications of the end user or customer or based
on use by end-users/ customers over some limited period of time.
User Acceptance Testing- Determining if software is satisfactory to an end user customer.
The software engineering process can be viewed as a spiral. Initially system engineering defines the role of
software and leads to software requirement analysis where the information domain, functions, behavior,
performance, constraints and validation criteria for software are established. Moving inward along the
spiral, we come to design and finally to coding. To develop computer software we spiral in along
streamlines that decrease the level of abstraction on each turn.
A strategy for software testing may also be viewed in the context of the spiral. Unit testing begins at the
vertex of the spiral and concentrates on each unit of the software as implemented in source code. Testing
progress by moving outward along the spiral to integration testing, where the focus is on the design and the
construction of the software architecture. Talking another turn on outward on the spiral we encounter
validation testing where requirements established as part of software requirements analysis are validated
against the software that has been constructed. Finally we arrive at system testing, where the software and
other system elements are tested as a whole.
Unit testing focuses verification effort on the smallest unit of software design, the module. The unit testing
we have is white box oriented and some modules the steps are conducted in parallel.
White Box Testing
This type of testing ensures that
All independent paths have been exercised at least once.
All logical decisions have been exercised on their true and false sides.
All loops are executed at their boundaries and within their operational bounds.
All internal data structures have been exercised to assure their validity.
To follow the concept of white box testing we have tested each form .we have created independently to
verify that Data flow is correct, All conditions are exercised to check their validity, All loops are executed
on their boundaries.
Established technique of flow graph with cyclomatic complexity was used to derive test cases for all the
functions. The main steps in deriving test cases were:
Use the design of the code and draw correspondent flow graph.
In this part of the testing each of the conditions were tested to both true and false aspects. And all the
resulting paths were tested. So that each path that may be generate on particular condition is traced to
uncover any possible errors.
This type of testing selects the path of the program according to the location of definition and use of
variables. This kind of testing was used only when some local variable were declared. The definition-use
chain method was used in this type of testing. These were particularly useful in nested statements.
In this type of testing all the loops are tested to all the limits possible. The following exercise was adopted
for all loops:
All the loops were tested at their limits, just above them and just below them.
All the loops were skipped at least once.
For nested loops test the inner most loop first and then work outwards.
For concatenated loops the values of dependent loops were set with the help of connected loop.
Unstructured loops were resolved into nested loops or concatenated loops and tested as above.
Each unit has been separately tested by the development team itself and all the input have been validated.
6. SCREENSHOT
Fig.5
Registration Page:
Login Page
About Us:
Crawler:
Scanner:
Scan History:
Report:
6.2. BACK END SCREENSHOT
Cwvs:
Test:
Test Structure:
Test_results:
User:
User Structure:
Vulnerabilities:
Vulnerabilities Structure:
7.Security Analysis Of Website:
Security is the most important part of any website or development process which is related to internet. We
have done a lot of studies on different kinds of websites related to PHP, HTML, Java –Script and CSS to
make our website more and more secure. In context of that we found a lot of vulnerabilities and traced
several me thods for securing this. For that we made some protections and developments in it. Secured
from:-
Sql injection
XSS
File upload
Sql injection:
SQL Injection is one of the many web attack mechanisms used by hackers to steal data from organizations.
It is perhaps one of the most common application layer attack techniques used today. It is the type of attack
that takes advantage of improper coding of your web applications that allows hacker to inject SQL
commands into say a login form to allow them to gain access to the data held within your database.
In essence, SQL Injection arises because the fields available for user input allow SQL statements to pass
through and query the database directly.
Why is it possible to pass SQL queries directly to a database that is hidden behind a firewall and any
other security mechanism?
Firewalls and similar intrusion detection mechanisms provide little or no defense against full-scale SQL
Injection web attacks.
Since your website needs to be public, security mechanisms will allow public web traffic to communicate
with your web application/s (generally over port 80/443). The web application has open access to the
database in order to return (update) the requested (changed) information.
In SQL Injection, the hacker uses SQL queries and creativity to get to the database of sensitive corporate
data through the web application.
SQL or Structured Query Language is the computer language that allows you to store, manipulate, and
retrieve data stored in a relational database (or a collection of tables which organise and structure data). SQL
is, in fact, the only way that a web application (and users) can interact with the database. Examples of
relational databases include Oracle, Microsoft Access, MS SQL Server, MySQL, and Filemaker Pro, all of
which use SQL as their basic building blocks.
SQL commands include SELECT, INSERT, DELETE and DROP TABLE. DROP TABLE is as ominous as
it sounds and in fact will eliminate the table with a particular name.
Once an attacker realizes that a system is vulnerable to SQL Injection, he is able to inject SQL Query /
Commands through an input form field. This is equivalent to handing the attacker your database and
allowing him to execute any SQL command including DROP TABLE to the database!
An attacker may execute arbitrary SQL statements on the vulnerab le system. This may compromise the
integrity of your database and/or expose sensitive information. Depending on the back-end database in use,
SQL injection vulnerabilities lead to varying levels of data/system access for the attacker. It may be possible
to manipulate existing queries, to UNION (used to select related information from two tables) arbitrary data,
use sub selects, or append additional queries.
In some cases, it may be possible to read in or write out to files, or to execute shell commands on the
underlying operating system. Certain SQL Servers such as Microsoft SQL Server contain stored and
extended procedures (database server functions). If an attacker can obtain access to these procedures, it
could spell disaster.
Unfortunately the impact of SQL Injection is only uncovered when the theft is discovered. Data is being
unwittingly stolen through various hack attacks all the time. The more expert of hackers rarely get caught.\
Prevention: In this website we use secure coding to to prevent it from sql injection like we filter script like
quote(‘). On my manual testing on this software we found that website is secure from sql attack.
XSS(Cross site scripting)
Hackers are constantly experimenting with a wide repertoire of hacking techniques to compromise websites
and web applications and make off with a treasure trove of sensitive data including credit card numbers,
social security numbers and even medical records.Cross Site Scripting (also known as XSS or CSS) is
generally believed to be one of the most common application layer hacking techniques.
In the pie-chart below, created by the Web Hacking Incident Database for 2011 (WHID) clearly shows that
whilst many different attack methods exist, SQL injection and XSS are the most popular. To add to this,
many other attack methods, such as Information Disclosures, Content Spoofing and Stolen Credentials
could all be side-effects of an XSS attack
Attacking scenario is shown ih the above diagram that how much exploit techniques can be used
regarding security issues. Here we can see that the maximum percentage is of XSS attack which is a
major issue for a now days security. Today, websites rely heavily on complex web applications to deliver
different output or content to a wide variety of users according to set preferences and specific needs. This
arms organizations with the ability to provide better value to their customers and prospects. However,
dynamic websites suffer from serious vulnerabilities rendering organizations helpless and prone to cross site
scripting attacks on their data.
"A web page contains both text and HTML markup that is generated by the server and interpreted by the
client browser. Web sites that generate only static pages are able to have full control over how the browser
interprets these pages. Web sites that generate dynamic pages do not have complete control over how their
outputs are interpreted by the client. The heart of the issue is that if mistrusted content can be introduced
into a dynamic page, neither the web site nor the client has enough information to recognize that this has
happened and take protective actions." (CERT Coordination Center).
Cross Site Scripting allows an attacker to embed malicious JavaScript, VBScript, ActiveX, HTML, or Flash
into a vulnerable dynamic page to fool the user, executing the script on his machine in order to gather data.
The use of XSS might compromise private information, manipulate or steal cookies, create requests that can
be mistaken for those of a valid user, or execute malicious code on the end-user systems. The data is usually
formatted as a hyperlink containing malicious content and which is distributed over any possible means on
the internet.
As a hacking tool, the attacker can formulate and distribute a custom-crafted CSS URL just by using a
browser to test the dynamic website response. The attacker also needs to know some HTML, JavaScript and
a dynamic language, to produce a URL which is not too suspicious-looking, in order to attack a XSS
vulnerable website.
Any web page which passes parameters to a database can be vulnerable to this hacking technique. Usually
these are present in Login forms, Forgot Password forms, etc…
N.B. Often people refer to Cross Site Scripting as CSS or XSS, which is can be confused with Cascading
Style Sheets (CSS).
File upload:
This vulnerability is very dangerous. At uploading point hacker take advantage and upload shell in website.
If shell is successfully uploaded by hacker then he/she can do any thing with your website as well as server.
Shell provide interaction between software and hardware. Hacker can destroy your whole software from
server and steal your confidential information.
Prevention: To make safety from this type of attack we use pre-defined secured code which is coded by
OWASP. We use it both side server as well as client side. This Project is fully tested by the Security Analyst
and fix all the bug.
8. FUTURE ENHANCEMENT
Nothing can be ended in a single step. It is the fact that nothing is permanent in this world. So this
project also has some future enhancements in the evergreen and booming IT industry. Change is inevitable.
The project entitled “Complete Web Vulnerabilities Scanner” was successfully designed developed and
tested. The system and the architecture is a compatible one, so addition of new modules can be done without
much difficulty. Since this module has its unique properties it can extend further to make this system a
complete one.
Scope
It provides the Security Analyst with all the necessary security issues and its solution to prevent
by the hackers.
It provides the users with all the necessary privileges to access and modify the data intended for them.
It doesn’t entirely replace the existing system but it mostly automize the Scanning process and all the data
used.
Success Criteria
This software automates the manual Scanning process. We believe that once the organization
chooses to use this system, it will eventually recognize the value and necessity of this system and
understand the problems involved in the manual process.
9. CONCLUSION
The project provides much security. The simplicity and friendliness are the advantages of this project. The
Software is made user friendly to the maximum so that anyone can run the software provided he could
access to the system via the login password.
This project manages all details without any risk. All the objectives were met with satisfaction. The
performance of the system is found to be satisfactory.
10.BIBLIOGRAPHY
Development kit
www.adove.com
www.w3c.com
www.w3school.com
www.php.net/manual
www.adove.com/in/products/dreamweaver.html
www.html.net