Web applications play a significant role in today’s digital age. Their uses in our lives have become indispensable. It has made web applications a favorite target for attackers and has increased web security risk. This study focuses on finding structural aspects and vulnerabilities present in India’s 50 websites which were categorized into five categories of 10 most visited sites, i.e., e-commerce, news, entertainment, education, and other scanned as an ordinary user to consider safety assessment of these websites. The knowledge about these sites, such as technologies used and infrastructure they have, the vulnerabilities they possess, has been investigated using penetration tests in this study. As a result of this research, web server information and operating system information from 86% to 66% respectively of the reviewed websites are identified. Medium and low degree vulnerabilities have been present in all scanned websites. Some of them even have High vulnerabilities also. With the vulnerability screening tests, their degree of vulnerabilities graph revealed, and information about the most identified weaknesses was given.

Web Applications, Penetration Testing, Penetration Testing Tools, Weakness Analysis, Web Security

[1] P. Fung, Mitigations of web applications security risks, hong kong: Ph.D dissertation, 2014.
[2] N. Kochare, S. Chalurkar, B.B. Meshram,, “Web Application Vulnerabilities Detection Techniques Survey,” IJCSNS International Journal of Computer Science and Network Security, vol. 13, no. 6, p. 7177, 2013.
[3] C. Polat, Penetration Tests and Security Solutions for Corporate Networks, Dokuz Eylul University Izmir, 2016, pp. 1-182.
[4] Ruse, M.E, Model Checking Techniques for Vulnerability Analysis of Web Applications, Iowa: Iowa State University, 2013.
[5] C. Huang, J. Liu, Y. Fang, Z. Zuo, “A study on Web Security incidents in China by Analyzing Vulnerability disclosure Platforms,” Computer and Security, vol. 58, pp. 47-62, 2016.
[6] D. Stiawan, M. Idris, A. Abdullah, F. Aljaber and R. Budiarto, “Cyber-Attack Penetration Test and Vulnerability Analysis,” International Journal of Online Engineering, vol. 13, no. 1, pp. 125-132, 2017.
[7] S. Sandhya, S. Purkayastha, E. Joshua, A. Deep, “Assessment of website security by penetration testing using Wireshark,” in 4th International Conference on Advanced Computing and Communication Systems (ICACCS), Coimbatore, India, 2017.
[8] S. Nixon, Y. Haile, “Analyzing vulnerabilities on WLAN security protocols and enhance its security by using pseudo random MAC address,” International Journal of Emerging Trends & Technology in Computer Science (IJETTCS’2017), 2017.
[9] J.H. Bullee, L. Montoya, W. Pieters, M. Junger, P. Hartel, “On the anatomy of social engineering attacks—A literature-based dissection of successful attacks,” Journal of investigative psychology and offender profiling, vol. 15, no. 1, pp. 20-45, 2017.
[10] Y. Wu, G. Feng, R.Y.K Fung, “Comparison of information security decisions under different security and business environments,” Journal of the Operational Research Society, vol. 69, no. 5, pp. 747-761, 2018.
[11] P. Cisar, S.M. Maravi, I. Furstner, “Security Assessment with Kali Linux,” Banki Kozlemenyekl, vol. 1, no. 1, pp. 49-52, 2018.