In the recent years, web applications are the number one source of vulnerabilities targeted by Hackers. Although traditionally companies have used intrusion detection and prevention systems which monitor the network in general, there is now a widespread use of Web Application Firewalls as a security solution that monitors and protects only web applications. A web application is a software application that is accessed over the Internet using HyperText Transfer Protocol (HTTP). In a typical web application a client, such as a browser, interacts with a web server by exchanging a series of messages that are made up of HTTP requests and responses. An attacker often exploits vulnerabilities that exist in a web application to launch attacks. The focus of this research paper is to study and analyze the application level attacks for secure web application. Application level attacks covered Cross Site Scripting attack, SQL injection attack, Command Injection Attack and Cookie Poisoning attack.
Chokhawala Kirit I., Dr. Vinit Kumar Chuabay, Dr. A. R. Patel
Web application, Cross Site Scripting attack, SQL injection attack, Command Injection Attack and Cookie Poisoning attack.
- Sandeep Bhatkar, Abhishek Chaturvedi, and R. Sekar.Dataflow anomaly detection. In IEEE Symposium on Security and Privacy, May 2006
- E. Chien. Malicious Yahooligans. http://www.symantec.com/avcenter/reference/malicious. yahooligans.pdf, 2006.
- Open Web Application Security Project. The ten most critical Web application security vulnerabilities http://umn.dl.sourceforge.net /sourceforge/owasp/ OWASPTopTen2004.pdf,2004
- The Samy worm. http://namb.la/popular
- MITRE. Common vulnerabilities and exposures. http://cve.mitre.org/cve/, 2007
- Xie and A. Aiken, ―Static Detection of Security Vulner-abilities in ScriptingLanguages,Proc. 15th Use nix Security Symp. (Use nix-SS 06), vol. 15, Use nix, 2006, pp.179-192.
- https://www.isecpartners.com/media/11961/CSRF_Pape r.pdf
- William G.J. Halfond, Alessandro Orso, Member, IEEE Computer Society, and Panagiotis Manolios, Member, IEEE Computer Society, ―WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation‖,, IEEE TRANSACTIONS ON SOFTWARE ENGINEERING, VOL. 34, NO. 1, JANUARY/FEBRUARY 2008
- Justin Claarke, SQL Injection Attack and Defenses. U. S.: Syngress Publishing, Inc., 2009.
- Infodox, Insecurity Research, Online], http://insecurety.net/?p=403
- Imperva Online], https://www.imperva.com/ resources /glossary?term=cookie_poisoning.
|Published in :
||Volume 2 | Issue 1 | January-Febuary - 2016
|Date of Publication
Cite This Article
Chokhawala Kirit I., Dr. Vinit Kumar Chuabay, Dr. A. R. Patel, "Secure Web Application: Preventing Application Injections", International Journal of Scientific Research in Science, Engineering and Technology(IJSRSET), Print ISSN : 2395-1990, Online ISSN : 2394-4099, Volume 2, Issue 1, pp.143-147, January-Febuary-2016.
URL : http://ijsrset.com/IJSRSET162143.php