A novel approach for detection of SQL injection and cross site scripting attacks

Sonewar, Piyush A.; Mhetre, Nalini A.

doi:10.1109/pervasive.2015.7087131

Cited by 18 publications

(4 citation statements)

References 12 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…We use Nmap [15] for scanning open ports. Figure [5] shows the server information and figure [6] shows the resource tree of our target victim website http://testphp.vulnweb.com. Outcomes of phase-2: Outcomes of phase-2: After having, the knowledge base of the website at our disposal, we then find the vulnerabilities of each URI as shown in figure [6] in the second phase.…”

Section: A Results On Http://testphpvulnwebcommentioning

confidence: 99%

See 1 more Smart Citation

A Sweet Recipe for Consolidated Vulnerabilities: Attacking a Live Website by Harnessing a Killer Combination of Vulnerabilities for Greater Harm

Islam¹,

Ansary²,

Nurain³

et al. 2018

2018 5th International Conference on Networking, Systems and Security (NSysS)

View full text Add to dashboard Cite

Recent emergence of new vulnerabilities is an epoch-making problem in the complex world of website security.Most of the websites are failing to keep updating to tackle their websites from these new vulnerabilities leaving without realizing the weakness of the websites. As a result, when cyber-criminals scour such vulnerable old version websites, the scanner will represent a set of vulnerabilities. Once found, these vulnerabilities are then exploited to steal data, distribute malicious content, or inject defacement and spam content into the vulnerable websites. Furthermore, a combination of different vulnerabilities is able to cause more damages than anticipation. Therefore, in this paper, we endeavor to find connections among various vulnerabilities such as cross-site scripting, local file inclusion, remote file inclusion, buffer overflow CSRF, etc. To do so, we develop a Finite State Machine (FSM) attacking model, which analyzes a set of vulnerabilities towards the road to finding connections. We demonstrate the efficacy of our model by applying it to the set of vulnerabilities found on two live websites.Index Terms-Cyberspace security, Vulnerabilities, Hacking, Exploits, Finite state machine (FSM).978-1-7281-1325-8/18/31.00 §c 2018 IEEE of the vulnerability will leave the postconditions to be true.

show abstract

Section: A Results On Http://testphpvulnwebcommentioning

confidence: 99%

“…al. propose an approach for detection of SQL injection and cross site scripting attack [5]. The study in [6] investigate on finding SQL injection and cross site scripting using static analysis tool.…”

Section: Related Workmentioning

confidence: 99%

A Sweet Recipe for Consolidated Vulnerabilities: Attacking a Live Website by Harnessing a Killer Combination of Vulnerabilities for Greater Harm

Islam¹,

Ansary²,

Nurain³

et al. 2018

2018 5th International Conference on Networking, Systems and Security (NSysS)

View full text Add to dashboard Cite

show abstract

“…Ada beberapa cara untuk mencegah serangan pada aplikasi web. Seperti yang telah dilakukan oleh peneliti sebelumnya [8], melakukan penelitian untuk mendeteksi serangan SQL Injection dan Cross Site Scripting (XSS) dengan menggunakan metode Intrution Detection System (IDS) [9]. Metode ini berkerja dengan cara memantau lalu lintas jaringan untuk aktivitas yang mencurigakan dan mengeluarkan peringatan saat aktivitas tersebut ditemukan, hasil dari penerapan metode ini peneliti berhasil mendeteksi serangan SQL Injection dan XSS, namun kekurangan dari metode ini hanya bisa mendeteksi serangan saja tetapi tidak bisa memblokir serangan tersebut secara otomatis.…”

Section: Kata Kunci : Web Application Firewall(waf) Vulnerability Sec...unclassified

Pengamanan Aplikasi Web Dari Serangan SQL Injection Dan Cross Site Scripting Menggunakan Web Application Firewall

Haikal Muhammad,

Id Hadiana,

Ashaury

2024

jati

View full text Add to dashboard Cite

Aplikasi web merupakan salah satu media yang paling dominan digunakan untuk pengiriman data melalui internet saat ini. banyaknya aplikasi web yang tersedia di internet saat ini membuatnya sering dijadikan sasaran untuk berbagai jenis serangan seperti SQL Injection Dan XSS. Maka dari itu diperlukannya penerapkan sistem keamanan yang dapat mencegah serangan SQL Injection dan XSS yang masuk ke aplikasi web. Web Application Firewall (WAF) adalah perangkat atau sistem yang digunakan untuk melindungi aplikasi web dari serangan yang dapat merusak atau mencuri data. dalam penelitian ini bertujuan untuk mengimplementasikan Web Application Firewall guna mencegah serangan SQL injection dan Cross Site Scripting (XSS) pada aplikasi web. Metode Web Application Firewall digunakan untuk memblokir serangan SQL injection berdasarkan aturan yang telah ditentukan sebelumnya. Penelitian ini menggunakan Web Application Firewall ModSecurity sebagai mekanisme untuk mencegah serangan SQL Injection dan Cross Site Scripting (XSS) pada web server. penelitian yang diusulkan bertujuan untuk menganalisis efektivitas penggunaan WAF dalam melindungi aplikasi web dari serangan SQL injection dan XSS. Dari hasil beberapa pengujian yang dilakukan, Web Application Firewall Modsecurity berhasil mendeteksi dan memblokir serangan SQL Injection dan Cross Site Scripting (XSS) yang masuk ke Aplikasi web.

show abstract

“…This method can handle any type of query and the algorithm is platform-independent. Other SQL injection detection methods include dynamic query matching technology [18], mapping model from URL to SQL features [19]. For the detection method of secondorder SQL injection, a new set of SQL instructions [20] is constructed dynamically and then detected with a database and proxy server.…”

Section: Figurementioning

confidence: 99%

SQL Injection Detection for Web Applications Based on Elastic-Pooling CNN

Xie

Ren

et al. 2019

IEEE Access

View full text Add to dashboard Cite

An enterprise's data can be one of its most important assets and often critical to the firm's development and survival. SQL injection attack is ranked first in the top ten risks to network applications by the Open Web Application Security Project (OWASP). Its harmfulness, universality, and severe situation are self-evident. This paper presents a method of SQL injection detection based on Elastic-Pooling CNN (EP-CNN) and compares it with traditional detection methods. This method can output a fixed two-dimensional matrix without truncating data and effectively detects the SQL injection of web applications. Based on the irregular matching characteristics, it can identify new attacks and is harder to bypass.

show abstract

A novel approach for detection of SQL injection and cross site scripting attacks

Cited by 18 publications

References 12 publications

A Sweet Recipe for Consolidated Vulnerabilities: Attacking a Live Website by Harnessing a Killer Combination of Vulnerabilities for Greater Harm

A Sweet Recipe for Consolidated Vulnerabilities: Attacking a Live Website by Harnessing a Killer Combination of Vulnerabilities for Greater Harm

Pengamanan Aplikasi Web Dari Serangan SQL Injection Dan Cross Site Scripting Menggunakan Web Application Firewall

SQL Injection Detection for Web Applications Based on Elastic-Pooling CNN

Contact Info

Product

Resources

About