Abstract

Internet based application services become the essential part of peoples' daily activities. Web applications are a complex organized mess of codes; the software industry often they are built-in extreme pressure to meet a deadline. Therefore, it often retains the vulnerability holes from the development phase to the operational phase. Coding flaws, improper input sanitization, server misconfiguration, etc. causes the application vulnerable to an attacker, which may lead to service interruption and theft of valuable information. This paper conducts an empirical analysis of e-commerce based web applications to evaluate the current web application security scenario in Bangladesh. The most prominent web application security scanner named as Acunetix and Nikto were used to evaluate this study. A breakdown has conjured based on analytical results to find out the types of vulnerability. It is concluded that Cross-Site Request Forgery shows most frequent vulnerability where maximum apps were found having this vulnerability so aptly ranked as number one. However, cross site scripting positioned top for high-level risk vulnerability in Bangladeshi e-commerce platform.