In recent years, a large body of research has addressed the persistent challenges of web application security by developing advanced detection and mitigation techniques. Early contributions laid the foundations for a structured classification of web vulnerabilities, which has since evolved in response to an increasingly dynamic threat landscape. Current detection strategies are often based on static application security tests (SAST), which analyze source code without executing it, and dynamic application security tests (DAST), which evaluate applications at runtime. Hybrid approaches that integrate both methods have confirmed greater accuracy in detecting vulnerabilities. At the same time, machine learning has occurred as a promising avenue for anomaly-based detection, enabling systems to recognize abnormal behavior by modeling typical web traffic patterns. This paper provides an overview of academic contributions and proposed countermeasures to reveal web attacks and vulnerabilities. It then examines the main detection methodologies and testing tools, highlighting their respective advantages and limitations. Finally, it presents a series of machine learning solutions and algorithmic approaches aimed at improving the overall security of web applications.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Securing the Web: Detection Approaches, Evaluation Tools, and Proactive Countermeasures

  • Laila Bensahab,
  • Hayat Khaloufi,
  • Karim Abouelmehdi

摘要

In recent years, a large body of research has addressed the persistent challenges of web application security by developing advanced detection and mitigation techniques. Early contributions laid the foundations for a structured classification of web vulnerabilities, which has since evolved in response to an increasingly dynamic threat landscape. Current detection strategies are often based on static application security tests (SAST), which analyze source code without executing it, and dynamic application security tests (DAST), which evaluate applications at runtime. Hybrid approaches that integrate both methods have confirmed greater accuracy in detecting vulnerabilities. At the same time, machine learning has occurred as a promising avenue for anomaly-based detection, enabling systems to recognize abnormal behavior by modeling typical web traffic patterns. This paper provides an overview of academic contributions and proposed countermeasures to reveal web attacks and vulnerabilities. It then examines the main detection methodologies and testing tools, highlighting their respective advantages and limitations. Finally, it presents a series of machine learning solutions and algorithmic approaches aimed at improving the overall security of web applications.