• Nguyễn Sĩ Hòa, The Faculty of Information Technology and Telecommunication, VNU University of Science, Viet Nam
• Lại Thị Nhung, The Faculty of Basic Science, Namdinh University of Nursing, Viet Nam
• Đặng Thanh Hải, The Faculty of Information Technology, Dalat University, Viet Nam




Security, Web-based applications, Web security.


The Internet has been developing extremely rapidly, connecting more than 30% of the world population, with more than 2.2 billion users. It has brought benefits as well as risks. In 2005, the world lost over $445 billion, while Vietnam lost approximately 8,700 billion VNĐ due to cyber attacks, in which 5,226 websites of agencies and businesses in Vietnam were attacked. This is mainly due to the hackers’ progress, the advent of new technologies, and the fact that today’s systems are increasingly complex, which makes it difficult to manage all risks. Therefore, studying the risks for Web-based applications is an urgent need for organizations deploying web applications on the Internet. In this article, we analyze the most common vulnerabilities of Web-based applications and recommend methods for detection.







Natural Sciences and Technology

How to Cite

Hòa, N. S., Nhung, L. T., & Hải, Đặng T. (2017). A STUDY ON SECURITY FOR WEB-BASED APPLICATIONS. Dalat University Journal of Science, 7(2), 231-246. https://doi.org/10.37569/DalatUniversity.7.2.241(2017)
