A Survey on Routine Detection of Web Application Defence Flaws

M.S. THARA DEVI, S. SELVANAYAKI

Published in International Journal of Advanced Research in Computer Science Engineering and Information Technology

ISSN: 2321-3337 | Impact Factor: 1.521 | Volume: 4 | Issue: 1 | Year: 19 December, 2014 | Pages: 375-383

Abstract

The security of web applications has become a major concern, and it is receiving more and more attention from governments, corporations and the research community. As web applications play a preponderant role, one can realize the importance of finding ways to reduce the number of vulnerabilities. The main research goal is to understand the typical software faults that are behind the majority of web application vulnerabilities. The focus is mainly on the two most critical web application vulnerabilities, SQL Injection and XSS, and the goal is to identify leaks and recover from them with the help of algorithms. The main aim of the project is to propose an algorithm to detect security vulnerabilities by performing a scanning process over all website/application files. The results help train software developers and support code injectors that can be used to assess security mechanisms such as intrusion detection systems, vulnerability scanners and static code analysers. As a result, the number of reported attacks that exploit web application vulnerabilities is still increasing.

Keywords

XSS, SQL Injection, Web application vulnerabilities
