Detecting Input Validation Attacks in Web Application

Sayma Khan; Amit Saxena

Call for Paper

June Edition

IJCA solicits high quality original research papers for the upcoming June edition of the journal. The last date of research paper submission is 20 May 2024

Submit your paper

Know more

The week's pick

Enhancing Privacy Preservation: Multi-Attribute Protection with P-Sensitive K-Anonymity

Twinkle Patel Kiran Amin

Random Articles

Feasible Study on Pattern Matching Algorithms based on Intrusion Detection Systems

June

2014

Modeling and Economic Analysis of Energy Generation from Biomass Energy

December

2014

M-Pass: Web Authentication Protocol Resistant to Malware and Phishing

April

2014

Performance Analysis on the Effect of Doping Concentration in Copper Indium Gallium Selenide (CIGS) Thin-film Solar Cell

March

2015

Reseach Article

Detecting Input Validation Attacks in Web Application

by Sayma Khan, Amit Saxena

International Journal of Computer Applications

Foundation of Computer Science (FCS), NY, USA

Volume 109 - Number 6

Year of Publication: 2015

Authors: Sayma Khan, Amit Saxena

10.5120/19189-0786

Sayma Khan, Amit Saxena . Detecting Input Validation Attacks in Web Application. International Journal of Computer Applications. 109, 6 ( January 2015), 1-4. DOI=10.5120/19189-0786

@article{ 10.5120/19189-0786,

author = { Sayma Khan, Amit Saxena },

title = { Detecting Input Validation Attacks in Web Application },

journal = { International Journal of Computer Applications },

issue_date = { January 2015 },

volume = { 109 },

number = { 6 },

month = { January },

year = { 2015 },

issn = { 0975-8887 },

pages = { 1-4 },

numpages = {9},

url = { https://ijcaonline.org/archives/volume109/number6/19189-0786/ },

doi = { 10.5120/19189-0786 },

publisher = {Foundation of Computer Science (FCS), NY, USA},

address = {New York, USA}

}

%0 Journal Article

%1 2024-02-06T22:44:02.929338+05:30

%A Sayma Khan

%A Amit Saxena

%T Detecting Input Validation Attacks in Web Application

%J International Journal of Computer Applications

%@ 0975-8887

%V 109

%N 6

%P 1-4

%D 2015

%I Foundation of Computer Science (FCS), NY, USA

Abstract

Internet remains to blow up exponentially and has become more significant in our everyday life, but this resulted in web application targeted by cyber crooks and hacker. The paper identifies vulnerability attacks caused due to inputs performed by a user which are not properly validated across the web application. The existing IDS designed for validation vulnerability attacks are language reliable. Survey paper present a proposed IDS concept which is not language reliant i. e. it is designed for any web application developed with the support of PHP, Java, Dotnet etc. Such concept of IDS is helpful to detect input validation weaknesses like directory traversal attacks, cross site scripting attacks and SQL injection attacks; these were not detected in the extant IDS.

References

Dainotti, A. ; Gargiulo, F. ; Kuncheva, L. I. ; Pescape, A. ; Sansone, C. , "Identification of Traffic Flows Hiding behind TCP Port 80," Communications (ICC), 2010 IEEE International Conference on , vol. , no. , pp. 1,6, 23-27 May 2010 ISSN 1550-3607.
OWASPD-Open Web Application Security Project. "Top ten most critical Web Application Security Risks", https://www. owasp. org/index. php/Top_10_2013-Top_10.
Halfond, William GJ, Alessandro Orso, and Pete Manolios. "WASP: Protecting Web applications using positive tainting and syntax-aware evaluation. " Software Engineering, IEEE Transactions on 34. 1 (2008): 65-81.
Ciampa, A. , Visaggio, C. A. , & Di Penta, M. (2010, May). "A heuristic-based approach for detecting SQL-injection vulnerabilities in Web applications". In Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems (pp. 43-49). ACM.
William G. J. Halfond and Alessandro Orso, "AMNESIA: Analysis and Monitoring for Neutralizing SQLI Attacks" 20th IEEE/ACM International Conference on Automated Software Engineering, Long Beach, USA 2005, pp. 174-183.
Kieyzun, A. , Guo, P. J. , Jayaraman, K. , & Ernst, M. D. (2009, May). Automatic creation of SQL injection and cross-site scripting attacks. In Software Engineering, 2009. ICSE 2009. IEEE 31st International Conference on (pp. 199-209). IEEE.
Lijiu Zhang, Quing Gu, Shushen Peng, Xiang Chen, Haigang Zhao, Daoxu," D-WAV Aweb Application Vulnerabilities Detection Tool Using Characteristics of Web Forms" ICSEA'10, IEEE.
Takeshi Matsuda,Daiki Koizumi,Michio Sonoda,Shigeichi Hirasawa, "On predictive errors of SQL injection attack detection by the feature of the single character" Systems, Man, and Cybernetics (SMC), 2011 IEEE International Conference on 9-12 Oct 2011, On Page 1722-1727.
Halder, Raju, and Agostino Cortesi. "Obfuscation-based analysis of SQL injection attacks. " In Computers and Communications (ISCC), 2010 IEEE Symposium on, pp. 931-938. IEEE, 2010.

Index Terms

Computer Science

Information Sciences

Keywords

Directory traversal attacks Detection SQL Injection attacks XSS attacks.