SAISAN: An Automated Local File Inclusion Vulnerability  Detection Model

Hassan, Maruf; Bhuyian, Touhid; Sohel, Mohammad Khaled; Sharif, Hasan; Biswas, S.

doi:10.14419/ijet.v7i2.3.9956

Cited by 12 publications

(6 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…This framework will give fewer false positive alerts than other applications. An extract of the complete HTTP GET request is shown below: [1] Figure 03: CRLF in the header In this figure, it is a header request where CRLF means the CR and LF tag can be found. CR and LF are special characters (ASCII 13 and 10 respectively, also referred to as \r and \n) that are used to signify the End of Line (EOL).…”

Section: Methodsmentioning

confidence: 99%

“…Some of the research has been focused on injection-based attacks including SQL injection, HTML injection, and also code injection. A study on three major SQLi techniques was implemented on the educational and financial websites of Bangladesh and executes analysis web applications for figuring out the security condition [1]. But there was no mention of any CRLF vulnerability.…”

Section: Literature Reviewmentioning

confidence: 99%

“…Because this vulnerability was discovered newly that is why there is no details research about this vulnerability so there is a scope to improve CRLF detection. Researchers have only investigated the other types of vulnerabilities where attacks are mainly based on HTTP attacks [1]. This research only covers web application vulnerability which is a very big issue in developing a secure application [5].…”

Section: Introductionmentioning

confidence: 99%

“…The most widespread flaw in web applications is the injection, which includes SQL, HTML, CRLF, and other types of injection. Other flaws include XSS, broken access control, security misconfiguration, exposed sensitive data, inadequate attack protection, using components with known vulnerabilities, using unprotected APIs, local file inclusion, and broken authentication and session management [1] [7]. To solve this problem, many researchers have tried several methods but less research has been carried out in the area of CRLF vulnerability detection or discovery, and this still remains one of the most critical vulnerabilities.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Minimize Web Applications vulnerabilities through the early Detection of CRLF Injection

Hasan¹,

Rahman²

2023

Preprint

View full text Add to dashboard Cite

Section: Methodsmentioning

confidence: 99%

Section: Literature Reviewmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Minimize Web Applications vulnerabilities through the early Detection of CRLF Injection

Hasan¹,

Rahman²

2023

Preprint

View full text Add to dashboard Cite

“…However, attacker can delete trusted list file if he/she gets access to the web site directory. On the other hand, Hassan et al [184] proffered a model to detect local file inclusion (LFI) vulnerability. This model is implemented using Python language.…”

Section: • Local File Inclusion(lfi)mentioning

confidence: 99%

Input Validation Vulnerabilities in Web Applications: Systematic Review, Classification, and Analysis of the Current State-of-the-Art

Faisal

Elshoush

2023

IEEE Access

View full text Add to dashboard Cite

In recent years, huge increase in attacks and data breaches is noticed. Most of the attacks are performed and focused on the vulnerabilities related to web applications. Hence, nowadays the mitigation of application vulnerabilities is an ignited research area. Thus, due to the potential high severity impacts of web application, many different approaches have been proposed in the past decades to mitigate the damages of application vulnerabilities. Static and dynamic analysis are the two main techniques used. In this paper, a new classification for web application input validation vulnerabilities is proffered. In addition, various techniques/tools that are used to detect them are analyzed and evaluated to apprehend their strengths and weaknesses. Thus, this paper provides both technical as well as literature countermeasures to input validation vulnerabilities. Moreover, various statistical distributions of the reviewed techniques were manifested and scrutinize in different aspects to reveal the perception of the prevailing techniques and the gaps in the literature. In addition, the most widespread metrics are also propounded.

show abstract

An empirical comparison of commercial and open‐source web vulnerability scanners

et al. 2020

View full text Add to dashboard Cite

Web vulnerability scanners (WVSs) are tools that can detect security vulnerabilities in web services. Although both commercial and open-source WVSs exist, their vulnerability detection capability and performance vary. In this paper, we report on a comparative study to determine the vulnerability detection capabilities of eight WVSs (both open and commercial) using two vulnerable web applications: WebGoat and Damn vulnerable web application (DVWA). The eight WVSs studied were: Acunetix; HP WebInspect; IBM AppScan; OWASP ZAP; S ; Arachni; Vega; and Iron WASP. The performance was evaluated using multiple evaluation metrics: precision; recall; Youden index; OWASP web benchmark evaluation (WBE); and the web application security scanner evaluation criteria (WASSEC). The experimental results show that, while the commercial scanners are effective in detecting security vulnerabilities, some open-source scanners (such as ZAP and Skipfish) can also be effective. In summary, this study recommends improving the vulnerability detection capabilities of both the open-source and commercial scanners to enhance code coverage and the detection rate, and to reduce the number of false-positives.

show abstract

SAISAN: An Automated Local File Inclusion Vulnerability Detection Model

Cited by 12 publications

References 16 publications

Minimize Web Applications vulnerabilities through the early Detection of CRLF Injection

Minimize Web Applications vulnerabilities through the early Detection of CRLF Injection

Input Validation Vulnerabilities in Web Applications: Systematic Review, Classification, and Analysis of the Current State-of-the-Art

An empirical comparison of commercial and open‐source web vulnerability scanners

Contact Info

Product

Resources

About