Academic Papers on Web Application Security


I found a useful resource containing a whole list of academic papers on web-application security.

This list represents an attempt to collect academic papers on the subject of Web application security sorted by the year of publication.

Hacking web applications has become a big thing in the last 5 years, just look at the number of holes found in common PHP applications.

It has papers from 2004-2006.

Subjects cover a good range including:

  • SQLrand: Preventing SQL Injection Attacks
  • Bypass Testing of Web Applications
  • Defining a Set of Common Benchmarks for Web Application Security
  • The Essence of Command Injection Attacks in Web Applications
  • A Practical Approach for Defeating a Wide Range of Attacks

You can find the resource here:

Academic Papers in Web Application Security

Vulnerabilities in custom web applications are the most common flaws I find during penetration testing nowadays. It is a very important area and these papers should help your knowledge on both sides of the fence.

Posted in: Web Hacking

, , , ,


Latest Posts:


CredNinja - Test Credential Validity of Dumped Credentials or Hashes CredNinja – Test Credential Validity of Dumped Credentials or Hashes
CredNinja is a tool to quickly test credential validity of dumped credentials (or hashes) across an entire network or domain very efficiently.
assetfinder - Find Related Domains and Subdomains assetfinder – Find Related Domains and Subdomains
assetfinder is a Go-based tool to find related domains and subdomains that are related to a given domain from a variety of sources including Facebook and more.
Karkinos - Beginner Friendly Penetration Testing Tool Karkinos – Beginner Friendly Penetration Testing Tool
Karkinos is a light-weight Beginner Friendly Penetration Testing Tool, which is basically a 'Swiss Army Knife' for pen-testing and/or hacking CTF's.
Aclpwn.Py - Exploit ACL Based Privilege Escalation Paths in Active Directory Aclpwn.Py – Exploit ACL Based Privilege Escalation Paths in Active Directory
Aclpwn.py is a tool that interacts with BloodHound< to identify and exploit ACL based privilege escalation paths.
Vulhub - Pre-Built Vulnerable Docker Environments For Learning To Hack Vulhub – Pre-Built Vulnerable Docker Environments For Learning To Hack
Vulhub is an open-source collection of pre-built vulnerable docker environments for learning to hack. No pre-existing knowledge of docker is required, just execute two simple commands.
LibInjection - Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) LibInjection – Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS)
LibInjection is a C library to Detect SQL Injection (SQLi) and Cross-Site Scripting (XSS) through lexical analysis of real-world Attacks.


One Response to Academic Papers on Web Application Security

  1. Sandeep Nain July 4, 2007 at 7:21 am #

    Thanks Darknet for providing these resources. and I appreciate the efforts you guys are putting in making the world aware of these vulnerabilities