OWASP A03 Injection Vulnerability in Web Application Development

Lim, Phei Chin and Andy Chieng, Ging Wei and Ling, Huo Chong and Nurfauza, Jali (2026) OWASP A03 Injection Vulnerability in Web Application Development. Journal of Advanced Research in Applied Sciences and Engineering Technology, 57 (1). pp. 107-116. ISSN 2462-1943

[img] PDF
OWASP A03 Injection.pdf

Download (539kB)
Official URL: https://semarakilmu.com.my/journals/index.php/appl...

Abstract

Web applications are crucial for businesses and individuals by providing efficient communication, collaboration, and access to services and information via browsers, boosting connectedness, productivity, and creativity in the digital era. Insecure web applications pose risks of data breaches, malware, and unauthorized access which jeopardize user privacy, trust, and organizational security. Web developers must be knowledgeable and prepared to deal with common vulnerabilities in web applications. A prototype web application (https://webriska3.tech) with lesson and editor module is developed to train web developers on the Open Web Application Security Project (OWASP) Top Ten security risks, focusing on A03 - Injection vulnerability. OWASP A03 Injection vulnerability is one of the most common vulnerabilities that is at the heart of any database-driven web applications. Evaluation on the prototype in improvement knowledge on A03 – Injection vulnerability, testers are recruited to complete two coding tasks in laboratory environment. 80% of testers mastered Output escaping/encoding defensive technique while Prepared statement/Parameterized Query defensive technique is the hardest to master. The prototype obtained average System Usability Scale (SUS) score of 57 that is below average, indicating issues with the prototype interface. This work showed promising results of increase understanding on A03 Injection vulnerability and implementation skills to protect web application against attack and exploitations.

Item Type: Article
Additional Information: Information, Communication and Creative Technology
Uncontrolled Keywords: OWASP Top 10; Web application vulnerability; Web security; SQL injection.
Subjects: Q Science > QA Mathematics > QA76 Computer software
T Technology > T Technology (General)
Divisions: Academic Faculties, Institutes and Centres > Faculty of Computer Science and Information Technology
Faculties, Institutes, Centres > Faculty of Computer Science and Information Technology
Academic Faculties, Institutes and Centres > Faculty of Computer Science and Information Technology
Depositing User: Phei Chin
Date Deposited: 09 Oct 2024 03:33
Last Modified: 09 Oct 2024 03:33
URI: http://ir.unimas.my/id/eprint/46267

Actions (For repository members only: login required)

View Item View Item