Journal of Cyber Security and Risk Auditing

ISSN: 3079-5354 (Online)

Analytical Analysis of Cyber Threats and Defense Mechanisms for Web Application Security

by Bashaer Almelehy; Mohammad Ahmad; Ghalia Nassreddine; Mohammed Maayah; Aparna Achanta


Published: 2025/07/02

Abstract

Internet technologies offer numerous advantages, have transformed daily life, and have become a primary means of communication. Many businesses have also moved their services onto digital platforms built on web application technologies. As a result, vast amounts of data are exchanged between users and web applications, much of it sensitive and critical. This makes web applications prime targets for cyber-attacks, including data theft and the unauthorized disclosure of confidential information. The Open Web Application Security Project (OWASP) Top Ten identifies the ten most critical categories of risk to web applications. In response, this paper aims to provide a thorough understanding of web applications, the cyber threats they face, and a detailed review of the existing literature on cybersecurity risks in web applications. To achieve this, a comprehensive literature review is conducted to identify the primary vulnerabilities in web applications and to examine current methods for mitigating and preventing these security threats.

Keywords

Web Applications; Cyber-Attacks; Open Web Application Security Project (OWASP); Security threats

How to Cite the Article

Almelehy, B., Ahmad, M., Nassreddine, G., Maayah, M., & Achanta, A. (2025). Analytical Analysis of Cyber Threats and Defense Mechanisms for Web Application Security. Journal of Cyber Security and Risk Auditing, 2025(3), 57–76. https://doi.org/10.63180/jcsra.thestap.2025.3.4
