OWASP A03 Injection Vulnerability in Web Application Development

Authors

  • Phei-Chin Lim Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak, 94300 Kota Samarahan, Sarawak, Malaysia
  • Ging-Wei Andy Chieng Asia Pacific Cloud Continuous Operation & Delivery Department, Huawei Technologies Co. Ltd., 50400 Kuala Lumpur, Malaysia
  • Huo-Chong Ling School of Science, Engineering & Technology, RMIT University Vietnam, 700000 Ho Chi Minh City, Vietnam
  • Nurfauza Jali Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak, 94300 Kota Samarahan, Sarawak, Malaysia

DOI:

https://doi.org/10.37934/araset.57.1.107116

Keywords:

OWASP Top 10, Web application vulnerability, Web security, SQL injection

Abstract

Web applications are crucial for businesses and individuals by providing efficient communication, collaboration, and access to services and information via browsers, boosting connectedness, productivity, and creativity in the digital era. Insecure web applications pose risks of data breaches, malware, and unauthorized access which jeopardize user privacy, trust, and organizational security. Web developers must be knowledgeable and prepared to deal with common vulnerabilities in web applications. A prototype web application (https://webriska3.tech) with lesson and editor module is developed to train web developers on the Open Web Application Security Project (OWASP) Top Ten security risks, focusing on A03 - Injection vulnerability. OWASP A03 Injection vulnerability is one of the most common vulnerabilities that is at the heart of any database-driven web applications. Evaluation on the prototype in improvement knowledge on A03 – Injection vulnerability, testers are recruited to complete two coding tasks in laboratory environment. 80% of testers mastered Output escaping/encoding defensive technique while Prepared statement/Parameterized Query defensive technique is the hardest to master. The prototype obtained average System Usability Scale (SUS) score of 57 that is below average, indicating issues with the prototype interface. This work showed promising results of increase understanding on A03 Injection vulnerability and implementation skills to protect web application against attack and exploitations.

Downloads

Download data is not yet available.

Author Biographies

Phei-Chin Lim, Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak, 94300 Kota Samarahan, Sarawak, Malaysia

pclim@unimas.my

Ging-Wei Andy Chieng, Asia Pacific Cloud Continuous Operation & Delivery Department, Huawei Technologies Co. Ltd., 50400 Kuala Lumpur, Malaysia

andy.chieng.wei@huawei.com

Huo-Chong Ling, School of Science, Engineering & Technology, RMIT University Vietnam, 700000 Ho Chi Minh City, Vietnam

huochong.ling@rmit.edu.vn

Nurfauza Jali, Faculty of Computer Science and Information Technology, Universiti Malaysia Sarawak, 94300 Kota Samarahan, Sarawak, Malaysia

jnurfauza@unimas.my

Downloads

Published

2024-10-04

Issue

Section

Articles

Most read articles by the same author(s)