Research Article

SQLi and XSS Attack Introduction and Prevention Technique

by Harshad Gaikwad, Bhavesh B. Shah, Priyanka Chatte
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 165 - Number 2
Year of Publication: 2017
DOI: 10.5120/ijca2017913798

Harshad Gaikwad, Bhavesh B. Shah, Priyanka Chatte. SQLi and XSS Attack Introduction and Prevention Technique. International Journal of Computer Applications. 165, 2 (May 2017), 23-27. DOI=10.5120/ijca2017913798

@article{ 10.5120/ijca2017913798,
author = { Harshad Gaikwad, Bhavesh B. Shah, Priyanka Chatte },
title = { SQLi and XSS Attack Introduction and Prevention Technique },
journal = { International Journal of Computer Applications },
issue_date = { May 2017 },
volume = { 165 },
number = { 2 },
month = { May },
year = { 2017 },
issn = { 0975-8887 },
pages = { 23-27 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume165/number2/27547-2017913798/ },
doi = { 10.5120/ijca2017913798 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
Abstract

Nowadays, web applications are common around the world. Every major company or organization has a web application presence. Most of these organizations use web applications to provide various services to clients. Some of these web applications employ database-driven content. The back-end database often contains confidential and sensitive information such as passwords, credit card numbers, financial data, medical data, and email details. Typically, the web user/client supplies information, such as a username and password; the web server receives the user's request, interacts with the back-end database, and returns the relevant data to the front end. Web application penetration testing and security have become increasingly important these days. A large number of malicious attacks are being deployed against web applications. Due to the dramatic increase in web application usage, web applications have become vulnerable to a variety of threats. Most of these malicious attacks target the web application layer, and a WAF (web application firewall) alone cannot prevent these kinds of attacks. The reason behind the success of these attacks is the ignorance of application developers while coding the web applications and the predefined vulnerabilities in the existing technologies. Web application attacks are the latest trend, and hackers are trying to hack/exploit web applications using different techniques. Various solutions are available, both as open source and on the market, but selecting a suitable solution for the security of organizational systems is a major issue. Some attack prevention techniques protect web applications from attacks: they sit in front of web applications, monitor activity, and block malicious traffic.

Index Terms

Computer Science
Information Sciences

Keywords

SQL injection attack, SQL query, XSS (cross site scripting), Web application, Payload filters.