Dalat University Journal of Science

The Internet has been developing extremely rapidly, connecting more than 30% of the world population, with more than 2.2 billion users. It has brought benefits as well as risks.In 2005, the world lost over $445 billion while, Vietnam lost approximately 8,700 billion VNĐ due to the incidents of cyber attacks, in which 5,226 Websites of agencies and businesses in Vietnam were attacked. This is mainly due to the hackers’ progress, the advent of new technologies, and the fact that today’s systems are increasingly complex and it is difficult to manage all risks. Therefore, studying the risks for Web-based applications is the urgent need for organizations deploying web applications on the Internet. In this article, we will analyze the most common vulnerabilities of Web-based applications and recommend methods for detection.

Security; Web-based applications; Web security.

Bavisi, J. (2016). Certified ethical hacking certification. Retrieved from https://www. eccouncil.org/programs/certified-ethical-hacker-ceh/

Codedx. (2017). Security misconfiguration. Retrieved from http://codedx.com/security-misconfigura-tion/

CodeProject. (2017). Developing secure web applications: XSS attack, the confused deputy and over-posting. Retrieved from http://www.codeproject.com/Tips/ 845612/Developing-Secure-Web-Applications-XSS-Attack-the/

Data, R. (2016). SQL injection. Retrieved from https://www.w3schools.com/sql/sql_injection.asp/

Hackingstuffs. (2017). Cookies Stealing. Retrieved from https://hackingstuffs.com/ attacks/cookies-stealing/

The OWASP Foundation. (2017a). The open web application security project. Retrieved from https://www.owasp.org/index.php/CrossSite_Request_Forgery/

The OWASP Foundation. (2017b). The open web application security project. Retrieved from https://www.owasp.org/index.php/OWASP Periodic Table of Vulnerabilities_-_Insufficient_Transport_Layer_Protection/

Veracode. (2017). Insecure cryptographic storage. Retrieved from http://www.veracode. com/security/insecure-crypto/