Call for Paper - January 2023 Edition
IJCA solicits original research papers for the January 2023 Edition. Last date of manuscript submission is December 20, 2022. Read More

Evaluating the Security Flaws in Web Applications

Print
PDF
International Journal of Computer Applications
© 2015 by IJCA Journal
Volume 122 - Number 5
Year of Publication: 2015
Authors:
Prabhdeep Kaur
Harkamal Kaur
10.5120/21697-4806

Prabhdeep Kaur and Harkamal Kaur. Article: Evaluating the Security Flaws in Web Applications. International Journal of Computer Applications 122(5):27-29, July 2015. Full text available. BibTeX

@article{key:article,
	author = {Prabhdeep Kaur and Harkamal Kaur},
	title = {Article: Evaluating the Security Flaws in Web Applications},
	journal = {International Journal of Computer Applications},
	year = {2015},
	volume = {122},
	number = {5},
	pages = {27-29},
	month = {July},
	note = {Full text available}
}

Abstract

Web security is an important area of research. This work has focused on web securing schemes. The primary concentration is to interpret the way to handle the SQL Injections. It is one of the many web attack methods used by hackers to steal data from industries. It is one of the most usual technique used in present era for application layer attack It is the category of attack that takes the benefit of. Improper coding of your web applications that allows hacker to inject SQL commands into say a login form to allow them to gain access to the data held within your database. So in this work we have reviewed different research on the SQL injections.

References

  • "Introduction to Web Application Security" [online available]: http://msdn. microsoft. com
  • "What is an SQL Injection? SQL Injections: An Introduction"[online available]: http://resources. infosecinstitute. com
  • Madan, Sushila. "Security Standards Perspective to Fortify Web Database Applications From Code Injection Attacks. " In Intelligent Systems, Modelling and Simulation (ISMS), 2010 International Conference on, pp. 226-230. IEEE, 2010.
  • Wang, Xin, Luhua Wang, Gengyu Wei, Dongmei Zhang, and Yixian Yang. "Hidden web crawling for SQL injection detection. " In Broadband Network and Multimedia Technology (IC-BNMT), 2010 3rd IEEE International Conference on, pp. 14-18. IEEE, 2010.
  • Zhang, Xin-hua, and Zhi-jian Wang. "A static analysis tool for detecting web application injection vulnerabilities for ASP program. " In e-Business and Information System Security (EBISS), 2010 2nd International Conference on, pp. 1-5. IEEE, 2010.
  • Chen, Jan-Min, and Chia-Lun Wu. "An automated vulnerability scanner for injection attack based on injection point. " In Computer Symposium (ICS), 2010 International, pp. 113-118. IEEE, 2010.
  • Priyadarshini, R. , D. Jagadiswaree, A. Fareedha, and M. Janarthanan. "A cross platform intrusion detection system using inter server communication technique. " In Recent Trends in Information Technology (ICRTIT), 2011 International Conference on, pp. 1259-1264. IEEE, 2011.
  • Stuckman, Jeff, and James Purtilo. "A testbed for the evaluation of web intrusion prevention systems. " In Security Measurements and Metrics (Metrisec), 2011 Third International Workshop on, pp. 66-75. IEEE, 2011.
  • Wu, Haiyan, and Guozhu Gao. "Test SQL injection vulnerabilities in web applications based on structure matching. " In Computer Science and Network Technology (ICCSNT), 2011 International Conference on, vol. 2, pp. 935-938. IEEE, 2011.
  • Mainka, Christian, Juraj Somorovsky, and Jorg Schwenk. "Penetration testing tool for web services security. " In Services (SERVICES), 2012 IEEE Eighth World Congress on, pp. 163-170. IEEE, 2012.
  • Avireddy, Srinivas, Varalakshmi Perumal, Narayan Gowraj, Ram Srivatsa Kannan, Prashanth Thinakaran, Sundaravadanam Ganapthi, Jashwant Raj Gunasekaran, and Sruthi Prabhu. "Random4: An Application Specific Randomized Encryption Algorithm to prevent SQL injection. " In Trust, Security and Privacy in Computing and Communications (TrustCom), 2012 IEEE 11th International Conference on, pp. 1327-1333. IEEE, 2012.
  • Scholte, Theodoor, William Robertson, Davide Balzarotti, and Engin Kirda. "Preventing Input Validation Vulnerabilities in Web Applications through Automated Type Analysis. " In Computer Software and Applications Conference (COMPSAC), 2012 IEEE 36th Annual, pp. 233-243. IEEE, 2012.
  • Brinhosa, Rafael Bosse, Carla Merkle Westphall, and Carlos Becker Westphall. "Proposal and development of the web services input validation model. " In Network Operations and Management Symposium (NOMS), 2012 IEEE, pp. 643-646. IEEE, 2012.
  • Shar, Lwin Khin, and Hee Beng Kuan Tan. "Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities. " In Proceedings of the 2012 International Conference on Software Engineering, pp. 1293-1296. IEEE Press, 2012.