Affiliations: [a] Department of Computer Science, Barani Institute of Management Sciences, Rawalpindi, Pakistan | [b] Department of Computer Science, Faculty of Computing and Information Technology, University of the Punjab, Lahore, Pakistan | [c] Faculty of Science and Technology, ILMA University, Karachi, Pakistan | [d] Research & Development Institute of Northwestern Polytechnical University in Shenzhen, Shenzhen 518057, China | [e] Centre for Cyber Security Research and Innovation (CSRI), Deakin University, Geelong, VIC 3220, Australia | [f] Department of Computer Science, Sindh Madressatul Islam University, Karachi, Pakistan
Abstract: Web applications play a vital role in modern digital world. Their pervasiveness is mainly underpinned by numerous technological advances that can often lead to misconfigurations, thereby opening a way for a variety of attack vectors. The rapid development of E-commerce, big data, cloud computing and other technologies, further enterprise services are entering to the internet world and have increasingly become the key targets of network attacks. Therefore, the appropriate remedies are essential to maintain the very fabric of security in digital world. This paper aims to identify such vulnerabilities that need to be addressed for ensuring the web security. We identify and compare the static, dynamic, and hybrid tools that can counter the prevalent attacks perpetrated through the identified vulnerabilities. Additionally, we also review the applications of AI in intrusion detection and pinpoint the research gaps. Finally, we cross-compare the various security models and highlight the relevant future research directions.
Keywords: Web security, vulnerabilities, E-commerce, cyber-attacks, deep learning
