Hybridizing Regular Expression with query processing to remove SQL Injection and XSS attacks

Abstract

Web applications are used everywhere: e-commerce, online payments, online banking, money transfer, social networking, and so on. A web application interacts over the network with a database in which critical information is stored, using Structured Query Language (SQL) and scripting languages. OWASP [2] has released the latest version of its “Top 10 Vulnerabilities”, based on previous incidents as well as on the risks associated with the vulnerabilities. SQL Injection and Cross Site Scripting are the most serious security threats to web applications: they allow attackers to obtain unrestricted access to the databases underlying the applications and to the potentially sensitive information these databases contain. Cross Site Scripting is the most prevalent web application security issue. It occurs when an application sends user-provided data to the web browser without validating or encoding that content. XSS allows attackers to execute scripts in the victim’s browser, which can hijack user sessions, deface web sites, or redirect the user to malicious sites. To address this problem, we review the different types of SQL injection attacks and XSS attacks. For each type of attack, we provide descriptions and examples of how attacks of that type could be performed. This paper examines the security of a full-blown e-commerce website and checks for any SQL Injection or XSS vulnerabilities using a hybrid approach of query processing and regular expression checking. This approach improves the accuracy of attack detection and sanitizes the input query, so that the back-end server is secured. In our case, we tested the system over more than 50 different types of SQL Injection and XSS attacks, and found it 100% accurate in terms of attack detection and query sanitization.
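The abstract describes a hybrid of regular expression checking and query processing but the page does not show the authors' rule set or code. The following is an added illustration, written here and not taken from the paper, of what such a two-layer design looks like in Python: a small, constructed set of SQL injection and XSS signatures acts as a detection and logging pre-filter, while parameter binding in the database query and HTML encoding of output are the controls that actually neutralise the input. The table, the two user rows and every pattern are constructed for the example; the `login_unsafe` function exists only to show, side by side, why string-built queries are the problem the paper targets.

```python
import html
import re
import sqlite3

# Constructed signature set for illustration only; it is not the paper's rule set.
# (?i) makes each pattern case-insensitive.
SQLI_PATTERNS = [
    (r"(?i)\bunion\b\s+(all\s+)?\bselect\b", "union-select"),
    (r"(?i)\b(or|and)\b\s+['\"]?\w+['\"]?\s*=\s*['\"]?\w+['\"]?", "tautology"),
    (r"(--|#|/\*)", "sql-comment"),
    (r";\s*\w+", "stacked-query"),
]
XSS_PATTERNS = [
    (r"(?i)<\s*script\b", "script-tag"),
    (r"(?i)\bon\w+\s*=", "event-handler"),
    (r"(?i)javascript\s*:", "javascript-uri"),
]


def classify(value):
    """Regex layer: return every (family, label) signature that matches the raw input.

    Plain values such as a surname with an apostrophe produce no hits, which is the
    behaviour a pre-filter needs if it is not to block legitimate users."""
    hits = []
    for pattern, label in SQLI_PATTERNS:
        if re.search(pattern, value):
            hits.append(("sqli", label))
    for pattern, label in XSS_PATTERNS:
        if re.search(pattern, value):
            hits.append(("xss", label))
    return hits


def make_db():
    """Constructed in-memory users table with two sample accounts."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users(name TEXT, pw TEXT)")
    con.executemany("INSERT INTO users VALUES(?, ?)",
                    [("alice", "s3cret"), ("bob", "hunter2")])
    return con


def login_unsafe(con, user, pw):
    """Deliberately vulnerable: the query is built by string formatting, so input
    becomes part of the SQL text and can change the query's meaning."""
    sql = f"SELECT name FROM users WHERE name='{user}' AND pw='{pw}'"
    return sorted(row[0] for row in con.execute(sql))


def login_safe(con, user, pw):
    """Query-processing layer: parameter binding keeps the input as data, so the
    same string that bypasses login_unsafe simply fails to match any row."""
    sql = "SELECT name FROM users WHERE name=? AND pw=?"
    return sorted(row[0] for row in con.execute(sql, (user, pw)))


def sanitize_for_html(value):
    """Output-encoding layer for XSS: angle brackets, quotes and ampersands are
    escaped so the browser renders the text instead of executing it."""
    return html.escape(value, quote=True)


def guarded_login(con, user, pw):
    """Hybrid check: regex pre-filter for detection and alerting, parameterized
    query for the actual protection. Flagged requests are rejected and reported;
    clean requests still go through the bound query, never a string-built one."""
    findings = classify(user) + classify(pw)
    if findings:
        return {"allowed": False, "findings": findings, "rows": []}
    return {"allowed": True, "findings": [], "rows": login_safe(con, user, pw)}


if __name__ == "__main__":
    db = make_db()
    print(classify("' OR '1'='1"))                 # tautology signature
    print(login_unsafe(db, "x", "' OR '1'='1"))    # string-built query returns every user
    print(login_safe(db, "x", "' OR '1'='1"))      # bound query returns nothing
    print(guarded_login(db, "alice", "s3cret"))
    print(sanitize_for_html("<script>alert(1)</script>"))
```

The regex layer is a detector, not a proof of safety: signature lists have false negatives for encodings they do not anticipate and false positives on ordinary text such as "x = y" after the word "and". That is why the example keeps parameter binding and output encoding as the controls that do the sanitizing, with the regex hits feeding detection and logging, which matches the division of labour the abstract describes between regular expression checking and query processing.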

Authors and Affiliations

Monali Sachin Kawalkar, Dr. P. K. Butey

  • EP ID EP392951
  • DOI 10.9790/9622-0711071324.

How To Cite

Monali Sachin Kawalkar, Dr. P. K. Butey (2017). Hybridizing Regular Expression with query processing to remove SQL Injection and XSS attacks. International Journal of Engineering Research and Applications, 7(11), 13-24. https://europub.co.uk/articles/-A-392951