A Framework for Vulnerability Detection in Software Application H2S and Protection Against Command Injection Flaw

"Application Security Assessment" is a process of providing complete security to the application from various vulnerabilities. Through this paper we are trying to detect what all vulnerabilities does our application "H2S" has and try to understand how can it affect our application. Application is taken as input from the user along with applications docume ntation. Also, User ID and password is to be given by the customer. After having all the required documents, application is deeply studied and understood . The main benefit of this application is that users can prevent their application and the essential i nformation that an application has from getting affected by the external attackers. Firstly a threat profile is created and then vulnerabilities are checked. Various vulnera bilities checked by the project are: INJECTION FLAW , CROSS - SITE SCRIPTING (XSS) , C ROSS SITE REQUEST FORGERY (CSRF) , RE - DIRECTIONAL FLAW , SESSION MANAGEMENT , MALICIOUS FILE EXECUTION, INSECURE DIRECT OBJECT REFERENCE , INFORMATION LEAKAGE AND IMPROPER ERROR HANDLING After checking for available vulnerabilities, risk is calculated using ris k ranking matrix and finally provide solution so that application fully secured from external attacks.