CFP last date
20 December 2024
Reseach Article

Detecting Input Validation Attacks in Web Application

by Sayma Khan, Amit Saxena
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 109 - Number 6
Year of Publication: 2015
Authors: Sayma Khan, Amit Saxena
10.5120/19189-0786

Sayma Khan, Amit Saxena . Detecting Input Validation Attacks in Web Application. International Journal of Computer Applications. 109, 6 ( January 2015), 1-4. DOI=10.5120/19189-0786

@article{ 10.5120/19189-0786,
author = { Sayma Khan, Amit Saxena },
title = { Detecting Input Validation Attacks in Web Application },
journal = { International Journal of Computer Applications },
issue_date = { January 2015 },
volume = { 109 },
number = { 6 },
month = { January },
year = { 2015 },
issn = { 0975-8887 },
pages = { 1-4 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume109/number6/19189-0786/ },
doi = { 10.5120/19189-0786 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-06T22:44:02.929338+05:30
%A Sayma Khan
%A Amit Saxena
%T Detecting Input Validation Attacks in Web Application
%J International Journal of Computer Applications
%@ 0975-8887
%V 109
%N 6
%P 1-4
%D 2015
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Internet remains to blow up exponentially and has become more significant in our everyday life, but this resulted in web application targeted by cyber crooks and hacker. The paper identifies vulnerability attacks caused due to inputs performed by a user which are not properly validated across the web application. The existing IDS designed for validation vulnerability attacks are language reliable. Survey paper present a proposed IDS concept which is not language reliant i. e. it is designed for any web application developed with the support of PHP, Java, Dotnet etc. Such concept of IDS is helpful to detect input validation weaknesses like directory traversal attacks, cross site scripting attacks and SQL injection attacks; these were not detected in the extant IDS.

References
  1. Dainotti, A. ; Gargiulo, F. ; Kuncheva, L. I. ; Pescape, A. ; Sansone, C. , "Identification of Traffic Flows Hiding behind TCP Port 80," Communications (ICC), 2010 IEEE International Conference on , vol. , no. , pp. 1,6, 23-27 May 2010 ISSN 1550-3607.
  2. OWASPD-Open Web Application Security Project. "Top ten most critical Web Application Security Risks", https://www. owasp. org/index. php/Top_10_2013-Top_10.
  3. Halfond, William GJ, Alessandro Orso, and Pete Manolios. "WASP: Protecting Web applications using positive tainting and syntax-aware evaluation. " Software Engineering, IEEE Transactions on 34. 1 (2008): 65-81.
  4. Ciampa, A. , Visaggio, C. A. , & Di Penta, M. (2010, May). "A heuristic-based approach for detecting SQL-injection vulnerabilities in Web applications". In Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems (pp. 43-49). ACM.
  5. William G. J. Halfond and Alessandro Orso, "AMNESIA: Analysis and Monitoring for Neutralizing SQLI Attacks" 20th IEEE/ACM International Conference on Automated Software Engineering, Long Beach, USA 2005, pp. 174-183.
  6. Kieyzun, A. , Guo, P. J. , Jayaraman, K. , & Ernst, M. D. (2009, May). Automatic creation of SQL injection and cross-site scripting attacks. In Software Engineering, 2009. ICSE 2009. IEEE 31st International Conference on (pp. 199-209). IEEE.
  7. Lijiu Zhang, Quing Gu, Shushen Peng, Xiang Chen, Haigang Zhao, Daoxu," D-WAV Aweb Application Vulnerabilities Detection Tool Using Characteristics of Web Forms" ICSEA'10, IEEE.
  8. Takeshi Matsuda,Daiki Koizumi,Michio Sonoda,Shigeichi Hirasawa, "On predictive errors of SQL injection attack detection by the feature of the single character" Systems, Man, and Cybernetics (SMC), 2011 IEEE International Conference on 9-12 Oct 2011, On Page 1722-1727.
  9. Halder, Raju, and Agostino Cortesi. "Obfuscation-based analysis of SQL injection attacks. " In Computers and Communications (ISCC), 2010 IEEE Symposium on, pp. 931-938. IEEE, 2010.
Index Terms

Computer Science
Information Sciences

Keywords

Directory traversal attacks Detection SQL Injection attacks XSS attacks.