Securing Web Applications: A Practical Approach to Mitigating OWASP Top 10 Vulnerabilities

Bibliographic Details
Published in: VFAST Transactions on Software Engineering, Vol. 13, no. 2, pp. 273-291
Main Authors: Khan, Shah Aftab; Azim, Nazia; Iqbal, Asad; Abbas, Hassan; Qureshi, Sawera
Format: Journal Article
Language: English
Published: 30.06.2025
ISSN: 2411-6246 (print); 2309-3978 (electronic)
DOI: 10.21015/vtse.v13i2.2145

Abstract: The exponential growth of online platforms and applications has made securing web applications essential for mitigating attacks such as data breaches, fraud and unauthorized access. Yet web applications remain vulnerable in many ways that attackers can abuse. In this context, we propose a pipeline to identify and reduce security threats in web applications, focusing on the OWASP Top 10 vulnerabilities: widely publicized risks with clear exploitation vectors, such as injection attacks, broken authentication, sensitive data exposure and cross-site scripting. Each vulnerability is covered with practical demonstrations on BeeWAP (Beehive's Educational Web Application Platform), an intentionally vulnerable web application built for web testing and security education. The vulnerabilities are analyzed in realistic contexts on the BeeWAP platform, which helps to assess their implications for web application security. We use standard tools such as Burp Suite to find these weak points and then implement countermeasures, giving an all-in-one manual focused on securing applications against threats. The paper elaborates a methodology to identify vulnerabilities and perform risk analysis in order to develop security models that respond specifically to the identified OWASP Top 10 vulnerabilities. We demonstrate real-time risk mitigation by simulating common attack vectors and drawing from the results insight into good practices for securing web applications. In this way, the paper takes a step towards reconciling theory and practice by providing a structured model, a middle ground between the two, that security personnel and developers can use directly to improve the defensive capability of their applications. More specifically, our results emphasize the importance of continual vulnerability testing and ongoing training in cybersecurity measures for protected infrastructures. These practices, when adopted by developers, can bolster defenses against the ever-evolving nature of cyber threats and ultimately lead to more trustworthy and reliable web applications.
ORCID: Khan, Shah Aftab 0009-0007-8886-2375; Azim, Nazia 0000-0002-3034-0917; Qureshi, Sawera 0009-0008-9505-8737
Open access link: https://vfast.org/journals/index.php/VTSE/article/download/2145/1725