On the causes of open source web systems vulnerabilities


Web applications are ubiquitous. They range in complexity from a simple weblog system to a fully featured e-commerce system. Current web applications have many inherent vulnerabilities; hence, they are fast becoming a favorite target for attackers. While many approaches have been proposed to address various web application vulnerability issues, a survey to further understand the properties of these vulnerabilities has not been performed. In this paper, four vulnerability-oriented research questions are empirically investigated by analyzing source code and vulnerability reports from popular vulnerability databases. Finally, based upon these results, the authors suggest a mechanism for resolving many of these issues.