DocumentCode :
3650580
Title :
Guidelines for Discovering and Improving Application Security
Author :
Gabriel Avramescu;Mihai Bucicoiu;Daniel Rosner;Nicolae Tapus
Author_Institution :
Fac. of Autom. Control &
fYear :
2013
Firstpage :
560
Lastpage :
565
Abstract :
This paper analyzes current threats in computer security for web-based applications with a SQL database. We conduct a penetration test in a real-case scenario of multiple attacks against the network, the web application and the SQL database. The test infrastructure includes two servers, a firewall and one machine that acts as an attacker's computer. Based on our empirical analysis, we diagnose specific vulnerabilities and we formulate best practices to improve security against common attacks. The article contributes to the discussion of state-of-the-art security techniques and illustrates the value of penetration testing for diagnosing attacks against specific technologies.
Keywords :
"HTML","Security","Testing","Browsers","Servers","Encoding","Ports (Computers)"
Publisher :
IEEE
Conference_Titel :
Control Systems and Computer Science (CSCS), 2013 19th International Conference on
Print_ISBN :
978-1-4673-6140-8
Type :
conf
DOI :
10.1109/CSCS.2013.93
Filename :
6569320