Detecting Vulnerabilities of Web Application Using Penetration Testing and Prevent Using Threat Modeling

The number of Web attacks is increasing gradually, mainly the popularity of Web application in organization, school, and colleges. For this reason, the security of their sensitive information against attacker becomes very important for all organization and companies. In this paper, we describe different type of Web application attack like SQL injection, XSS attack, CSRF attack, and Buffer overflow. Besides, we discuss about different types of penetration tools for Web applications. Penetration testing try to find the vulnerabilities of Web application so that we can build a defense mechanism to deal with Web attack. Finally, we build attack trees and defense trees to represent the attacks and to prevent those attack.