Certain investigation on web application security: Phishing detection and phishing target discovery

With the rapid development of web applications, and with the comfort provided by these web applications, internet users utilize this benefits to a great extent that they make almost all their day to day activities such as news paper reading, shopping, electricity bill payment, ticket booking and entertainment with the help of the internet. This phenomenon forces the users of the internet to get connected with the internet for a prolonged time and hence it increases the chances of the users to get caught in the web of phishing - an attack crafted by hackers to steal sensitive information by tempting the users with lucrative offers initially and then redirecting them to a fraudulent website(which the user may not suspect) where they can deceive the user by asking them to submit their credentials(usually users submit their credentials without knowing that these are fake offers created with a sole intention of stealing sensitive information). In spite of the alert and awareness given by the web community in this regard, more and more phishing artist succeed in their attack. Also these phishing artist develop novel attacks such as tab nabbing, website impersonation etc that attracts more and more internet user to be caught in the web of phishing. However many tools and methodologies have been developed to prevent phishing and to alert users orally and visually. But still the success rates of the phishing attack remains high and also the approaches related to phishing detection suffers high false positive and false negative ratio. In this paper various tools and methodologies used to prevent phishing has been analyzed and an efficient mechanism has been proposed to prevent phishing.