Shielding Against Web Application Assaults: Approaches, Difficulties, Implications

M. Nithish Dhananjay Yadav, Chunchu Vinod Babu, V. Praneeth

Published in International Journal of Advanced Research in Computer Science Engineering and Information Technology

ISSN: 2321-3337 | Impact Factor: 1.521 | Volume: 6 | Issue: 3 | Year: 25 April, 2023 | Pages: 1772-1776

Abstract

Some of the most dangerous web attacks, such as Cross-Site Scripting and SQL injection, exploit vulnerabilities in web applications that accept and process data of uncertain origin without proper validation or filtering, allowing the injection and execution of dynamic or domain-specific language code. These attacks have consistently topped the lists of various security bulletin providers despite the numerous countermeasures proposed over recent years. In this paper, we investigate different defense mechanisms against web code injection attacks. We propose a model that highlights the key weaknesses enabling these attacks and that provides a common perspective for analyzing the available defenses. Detection accuracy is of particular importance, as our findings show that many defense mechanisms have been tested in a poor manner. In addition, we observe that some mechanisms can be bypassed by attackers who know how the mechanisms work. Finally, we discuss the results of our analysis, with emphasis on factors that may hinder the widespread adoption of defenses in practice.

Keywords

Web Application, Cross-Site Scripting, SQL Injection.
