Secure Web Application: Preventing Application Injections

Authors (3): Chokhawala Kirit I., Dr. Vinit Kumar Chuabay, Dr. A. R. Patel

In recent years, web applications have been the number one source of vulnerabilities targeted by hackers. Although companies have traditionally used intrusion detection and prevention systems, which monitor the network in general, there is now widespread use of Web Application Firewalls as a security solution that monitors and protects only web applications. A web application is a software application that is accessed over the Internet using the HyperText Transfer Protocol (HTTP). In a typical web application, a client such as a browser interacts with a web server by exchanging a series of messages made up of HTTP requests and responses. An attacker often exploits vulnerabilities that exist in a web application to launch attacks. The focus of this research paper is to study and analyze application-level attacks in order to secure web applications. The application-level attacks covered are the Cross Site Scripting attack, the SQL injection attack, the Command Injection attack and the Cookie Poisoning attack.

Authors and Affiliations

Chokhawala Kirit I.
Department of Computer Science and Engineering, Mewar University, Rajasthan, India
Dr. Vinit Kumar Chuabay
Department of Computer Science and Engineering, Mewar University, Rajasthan, India
Dr. A. R. Patel
Department of Computer Science and Engineering, Mewar University, Rajasthan, India

Keywords: Web application, Cross Site Scripting attack, SQL injection attack, Command Injection attack, Cookie Poisoning attack.

Publication Details

Published in : Volume 2 | Issue 1 | January-February 2016
Date of Publication : 2015-01-25
License: This work is licensed under a Creative Commons Attribution 4.0 International License.
Page(s) : 143-147
Manuscript Number : IJSRSET162143
Publisher : Technoscience Academy

Print ISSN : 2395-1990, Online ISSN : 2394-4099

Cite This Article :

Chokhawala Kirit I., Dr. Vinit Kumar Chuabay, Dr. A. R. Patel, "Secure Web Application: Preventing Application Injections", International Journal of Scientific Research in Science, Engineering and Technology (IJSRSET), Print ISSN : 2395-1990, Online ISSN : 2394-4099, Volume 2, Issue 1, pp. 143-147, January-February 2016.
Journal URL : http://ijsrset.com/IJSRSET162143
