The Reality of Internet Infrastructure and Services Defacement: A Second Look at Characterizing Web-Based Vulnerabilities

In recent years, the number of people using the Internet has increased worldwide, and the use of web applications in many areas of daily life, such as education, healthcare, finance, and entertainment, has also increased. On the other hand, there has been an increase in the number of web application security issues that directly compromise the confidentiality, availability, and integrity of data. One of the most widespread web problems is defacement. In this research, we focus on the vulnerabilities detected on the websites previously exploited and distorted by attackers, and we show the vulnerabilities discovered by the most popular scanning tools, such as OWASP ZAP, Burp Suite, and Nikto, depending on the risk from the highest to the lowest. First, we scan 1000 URLs of defaced websites by using three web application assessment tools (OWASP ZAP, Burp Suite, and Nikto) to detect vulnerabilities which should be taken care of and avoided when building and structuring websites. Then, we compare these tools based on their performance, scanning time, the names and number of vulnerabilities, and the severity of their impact (high, medium, low). Our results show that Burp Suite Professional has the highest number of vulnerabilities, while Nikto has the highest scanning speed. Additionally, the OWASP ZAP tool is shown to have medium- and low-level alerts, but no high-level alerts. Moreover, we detail the best and worst uses of these tools. Furthermore, we discuss the concept of Domain Name System (DNS), how it can be attacked in the most common ways, such as poisoning, DDOS, and DOS, and link it to our topic on the basis of the importance of its infrastructure and how it can be the cause of hacking and distorting sites. Moreover, we introduce the tools used for DNS monitoring. Finally, we give recommendations about the importance of security in the community and for programmers and application developers. Some of them do not have enough knowledge about security, which allow vulnerabilities to occur.