Nguyễn Sĩ Hòa, Lại Thị Nhung, Đặng Thanh Hải


The Internet has been developing extremely rapidly, connecting more than 30% of the world's population, with more than 2.2 billion users. It has brought benefits as well as risks. In 2005, the world lost over $445 billion, while Vietnam lost approximately 8,700 billion VNĐ due to cyber attack incidents, in which 5,226 websites of agencies and businesses in Vietnam were attacked. This is mainly due to hackers' progress, the advent of new technologies, and the fact that today's systems are increasingly complex, making it difficult to manage all risks. Therefore, studying the risks to Web-based applications is an urgent need for organizations deploying web applications on the Internet. In this article, we analyze the most common vulnerabilities of Web-based applications and recommend methods for detecting them.


Security; Web-based applications; Web security.



DOI: http://dx.doi.org/10.37569/DalatUniversity.7.2.241(2017)



Copyright (c) 2017 Nguyễn Sĩ Hòa, Lại Thị Nhung, Đặng Thanh Hải

Creative Commons License
This work is licensed under a Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International License.
Editorial Office of DLU Journal of Science
Room.15, A25 Building, 01 Phu Dong Thien Vuong Street, Dalat, Lamdong
Email: tapchikhoahoc@dlu.edu.vn - Phone: (+84) 263 3 555 131
