Secure Web Application: Preventing Application Injections

Authors

  • Chokhawala Kirit I.  Department of Computer Science and Engineering,. Mewar University, Rajasthan, India
  • Dr. Vinit Kumar Chuabay  Department of Computer Science and Engineering,. Mewar University, Rajasthan, India
  • Dr. A. R. Patel  Department of Computer Science and Engineering,. Mewar University, Rajasthan, India

Keywords:

Web application, Cross Site Scripting attack, SQL injection attack, Command Injection Attack and Cookie Poisoning attack.

Abstract

In the recent years, web applications are the number one source of vulnerabilities targeted by Hackers. Although traditionally companies have used intrusion detection and prevention systems which monitor the network in general, there is now a widespread use of Web Application Firewalls as a security solution that monitors and protects only web applications. A web application is a software application that is accessed over the Internet using HyperText Transfer Protocol (HTTP). In a typical web application a client, such as a browser, interacts with a web server by exchanging a series of messages that are made up of HTTP requests and responses. An attacker often exploits vulnerabilities that exist in a web application to launch attacks. The focus of this research paper is to study and analyze the application level attacks for secure web application. Application level attacks covered Cross Site Scripting attack, SQL injection attack, Command Injection Attack and Cookie Poisoning attack.

References

  1. Sandeep Bhatkar, Abhishek Chaturvedi, and R. Sekar.Dataflow anomaly detection. In IEEE Symposium on Security and Privacy, May 2006
  2. E. Chien. Malicious Yahooligans. http://www.symantec.com/avcenter/reference/malicious. yahooligans.pdf, 2006.
  3. Open Web Application Security Project. The ten most critical Web application security vulnerabilities http://umn.dl.sourceforge.net /sourceforge/owasp/ OWASPTopTen2004.pdf,2004
  4. The Samy worm. http://namb.la/popular
  5. MITRE. Common vulnerabilities and exposures. http://cve.mitre.org/cve/, 2007
  6. Xie and A. Aiken, ―Static Detection of Security Vulner-abilities in ScriptingLanguages,Proc. 15th Use nix Security Symp. (Use nix-SS 06), vol. 15, Use nix, 2006, pp.179-192.
  7. https://www.isecpartners.com/media/11961/CSRF_Pape r.pdf
  8. William G.J. Halfond, Alessandro Orso, Member, IEEE Computer Society, and Panagiotis Manolios, Member, IEEE Computer Society, ―WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation‖,, IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. 34, NO. 1, JANUARY/FEBRUARY 2008
  9. Justin Claarke, SQL Injection Attack and Defenses. U. S.: Syngress Publishing, Inc., 2009.
  10. Infodox, Insecurity Research, Online], http://insecurety.net/?p=403
  11. Imperva Online], https://www.imperva.com/ resources /glossary?term=cookie_poisoning.

International Journal of Scientific Research in Science, Engineering and Technology

Downloads

Published

2015-01-25

Issue

Volume 2, Issue 1, January-February-2016

Section

Research Articles

License

Copyright (c) IJSRSET

Creative Commons License

This work is licensed under a Creative Commons Attribution 4.0 International License.

How to Cite

[1]
Chokhawala Kirit I., Dr. Vinit Kumar Chuabay, Dr. A. R. Patel, " Secure Web Application: Preventing Application Injections, International Journal of Scientific Research in Science, Engineering and Technology(IJSRSET), Print ISSN : 2395-1990, Online ISSN : 2394-4099, Volume 2, Issue 1, pp.143-147, January-February-2016.