A Novel Method to Detect and Prevent SQLIA Using Ontology to Cloud Web Security

Durai, K. Naveen; Subha, R.; Haldorai, Anandakumar

doi:10.1007/s11277-020-07243-z

Cited by 43 publications

(14 citation statements)

References 20 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…In previous research on PHP web applications, we first demonstrated that many forms of vulnerabilities can be identified using the proposed IVS attributes, including SQL injection bugs, cross-site scripting, remote execution of code, and inclusion of files [7]. We also demonstrated that semi-supervised learning is a realistic alternative to supervised learning with a limited number of sinks with known vulnerabilities available when it comes to training the predictive model [8]. In experiments on eight test subjects, each of the proposed attributes demonstrated a discriminative power for at least one subject between vulnerable and non-vulnerable program statements.…”

Section: Related Workmentioning

confidence: 88%

Web Attack Detection Using the Input Validation Method: DPDA Theory

Khalaf¹,

Sokiyna²,

Alotaibi³

et al. 2021

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

show abstract

Section: Related Workmentioning

confidence: 88%

Web Attack Detection Using the Input Validation Method: DPDA Theory

Khalaf¹,

Sokiyna²,

Alotaibi³

et al. 2021

Computers, Materials &Amp; Continua

View full text Add to dashboard Cite

show abstract

“…A web application vulnerability allows an intruder to penetrate the web application for performing unwanted aspects on the specified pages of the user. In Durai et al [12], the authors explained the differences between vulnerability assessment and exploitation and the approach of an assessment to be performed for SQL injection attacks, cross-site scripting attacks, and cross-site request forgery attacks. They even mention secured code reviews and penetration testing in the development lifecycle to identify and mitigate significant vulnerabilities in web applications.…”

Section: Related Workmentioning

confidence: 99%

Web Security: Emerging Threats and Defense

Almutairi¹,

Mishra²,

Alshehri³

2022

Computer Systems Science and Engineering

View full text Add to dashboard Cite

Web applications have become a widely accepted method to support the internet for the past decade. Since they have been successfully installed in the business activities and there is a requirement of advanced functionalities, the configuration is growing and becoming more complicated. The growing demand and complexity also make these web applications a preferred target for intruders on the internet. Even with the support of security specialists, they remain highly problematic for the complexity of penetration and code reviewing methods. It requires considering different testing patterns in both codes reviewing and penetration testing. As a result, the number of hacked websites is increasing day by day. Most of these vulnerabilities also occur due to incorrect input validation and lack of result validation for lousy programming practices or coding errors. Vulnerability scanners for web applications can detect a few vulnerabilities in a dynamic approach. These are quite easy to use; however, these often miss out on some of the unique critical vulnerabilities in a different and static approach. Although these are time-consuming, they can find complex vulnerabilities and improve developer knowledge in coding and best practices. Many scanners choose both dynamic and static approaches, and the developers can select them based on their requirements and conditions. This research explores and provides details of SQL injection, operating system command injection, path traversal, and cross-site scripting vulnerabilities through dynamic and static approaches. It also examines various security measures in web applications and selected five tools based on their features for scanning PHP, and JAVA code focuses on SQL injection, cross-site scripting, Path Traversal, operating system command. Moreover, this research discusses the approach of a cyber-security tester or a security developer finding out vulnerabilities through dynamic and static approaches using manual and automated web vulnerability scanners.

show abstract

“…This enhanced ABC-based load balancing scheme concentrated on reducing the make-span of tasks with a minimized number of VM migrations. It categorized the underloaded tasks as the food sources and the number of tasks isolated from the overloaded VMs as the honeybees in the implemented algorithm [25]. The foraging activities of the honeybees are included in the load balancing process to effectively balance the load among the available virtual machines in the cloud environment.…”

Section: Related Workmentioning

confidence: 99%

Hybrid Invasive Weed Improved Grasshopper Optimization Algorithm for Cloud Load Balancing

Durai¹,

Subha²,

Haldorai³

2022

Intelligent Automation &Amp; Soft Computing

View full text Add to dashboard Cite

In cloud computing, the processes of load balancing and task scheduling are major concerns as they are the primary mechanisms responsible for executing tasks by allocating and utilizing the resources of Virtual Machines (VMs) in a more optimal way. This problem of balancing loads and scheduling tasks in the cloud computing scenario can be categorized as an NP-hard problem. This problem of load balancing needs to be efficiently allocated tasks to VMs and sustain the trade-off among the complete set of VMs. It also needs to maintain equilibrium among VMs with the objective of maximizing throughput with a minimized time span. In this paper, a Hybrid Invasive Weed Improved Grasshopper Optimization Algorithm-based-efficient Load Balancing (HIWIGOA-LB) technique is proposed by adopting the merits of the Invasive Weed Optimization Algorithm (IWOA) into the Grasshopper Optimization Algorithm (GOA) for determining the near-optimal solution that facilitates optimal load balancing. In particular, the random walk strategy is adopted to prevent the local point of optimality problem. It also utilized the strategy of grouping to modify the exploitation coefficient associated with the traditional GOA for balancing the rate of exploration and exploitation. The simulation investigations of the proposed HIWIGOA-LB scheme confirmed its better performance in minimizing the make span and response time by 13.21% and 16.71%, with a maximized throughput of 19.28%, better than the baseline approaches considered for investigation.

show abstract

A Novel Method to Detect and Prevent SQLIA Using Ontology to Cloud Web Security

Cited by 43 publications

References 20 publications

Web Attack Detection Using the Input Validation Method: DPDA Theory

Web Attack Detection Using the Input Validation Method: DPDA Theory

Web Security: Emerging Threats and Defense

Hybrid Invasive Weed Improved Grasshopper Optimization Algorithm for Cloud Load Balancing

Contact Info

Product

Resources

About