Academic Papers on Web Application Security


I found a useful resource containing a whole list of academic papers on web-application security.

This list represents an attempt to collect academic papers on the subject of Web application security sorted by the year of publication.

Hacking web applications has become a big thing in the last 5 years, just look at the number of holes found in common PHP applications.

It has papers from 2004-2006.

Subjects cover a good range including:

  • SQLrand: Preventing SQL Injection Attacks
  • Bypass Testing of Web Applications
  • Defining a Set of Common Benchmarks for Web Application Security
  • The Essence of Command Injection Attacks in Web Applications
  • A Practical Approach for Defeating a Wide Range of Attacks

You can find the resource here:

Academic Papers in Web Application Security

Vulnerabilities in custom web applications are the most common flaws I find during penetration testing nowadays. It is a very important area and these papers should help your knowledge on both sides of the fence.

Posted in: Web Hacking

, , , ,


Latest Posts:


GKE Auditor - Detect Google Kubernetes Engine Misconfigurations GKE Auditor – Detect Google Kubernetes Engine Misconfigurations
GKE Auditor is a Java-based tool to detect Google Kubernetes Engine misconfigurations, it aims to help security & dev teams streamline the configuration process
zANTI - Android Wireless Hacking Tool Free Download zANTI – Android Wireless Hacking Tool Free Download
zANTI is an Android Wireless Hacking Tool that functions as a mobile penetration testing toolkit that lets you assess the risk level of a network using mobile.
HELK - Open Source Threat Hunting Platform HELK – Open Source Threat Hunting Platform
The Hunting ELK or simply the HELK is an Open-Source Threat Hunting Platform with advanced analytics capabilities such as SQL declarative language, graphing etc
trape - OSINT Analysis Tool For People Tracking Trape – OSINT Analysis Tool For People Tracking
Trape is an OSINT analysis tool, which allows people to track and execute intelligent social engineering attacks in real-time.
Fuzzilli - JavaScript Engine Fuzzing Library Fuzzilli – JavaScript Engine Fuzzing Library
Fuzzilii is a JavaScript engine fuzzing library, it's a coverage-guided fuzzer for dynamic language interpreters based on a custom intermediate language.
OWASP APICheck - HTTP API DevSecOps Toolset OWASP APICheck – HTTP API DevSecOps Toolset
APICheck is an HTTP API DevSecOps toolset, it integrates existing tools, creates execution chains easily and is designed for integration with 3rd parties.


One Response to Academic Papers on Web Application Security

  1. Sandeep Nain July 4, 2007 at 7:21 am #

    Thanks Darknet for providing these resources. and I appreciate the efforts you guys are putting in making the world aware of these vulnerabilities