dc.description.abstract |
With the exponentially increasing use of online tools and applications built for
day-to-day purposes by small and large industries, the threat of exploitation is also
increasing. Remote Code Execution (RCE) is a known threat that is considered one of the
most critical and severe web application vulnerabilities and one of the major concerns
among cyber threats; it can exploit web servers through their functionalities and by
using their scripts/files. RCE is an application-layer vulnerability caused by careless
coding practice, which leads to a huge security breach that may bring unwanted resource
loss or damage. With this vulnerability, an attacker may run malicious code to take
control of the besieged system with the privileges of a valid client. After gaining
access to the system, attackers then attempt to escalate their privileges. Remote Code
Execution can lead to a full compromise of the vulnerable web application as well as the
web server. This chapter highlights the concerns and risks that need to be taken into
consideration because of the RCE vulnerability of a system. Moreover, this study and its
findings will help application developers and their stakeholders to understand the risk of
data compromise and unauthorized access to the system. Around 1011 web applications
were taken into consideration, and the experiment was carried out following a manual
double-blinded penetration testing strategy. The experiments show that more than 12% of
the web applications were found vulnerable to RCE. This study also explicitly lists the
critical factors of Remote Code Execution vulnerability and improper input handling. The
experimental results are promising to motivate developers to focus on security
enhancement through proper and safe input handling. |
en_US |