Research Article

Investigation of Detection and Mitigation of Web Application Vulnerabilities

by Shekhar Disawal, Ugrasen Suman, Maya Rathore
International Journal of Computer Applications
Foundation of Computer Science (FCS), NY, USA
Volume 184 - Number 1
Year of Publication: 2022
Authors: Shekhar Disawal, Ugrasen Suman, Maya Rathore
10.5120/ijca2022921964

Shekhar Disawal, Ugrasen Suman, Maya Rathore. Investigation of Detection and Mitigation of Web Application Vulnerabilities. International Journal of Computer Applications. 184, 1 (Mar 2022), 30-36. DOI=10.5120/ijca2022921964

@article{ 10.5120/ijca2022921964,
author = { Shekhar Disawal, Ugrasen Suman, Maya Rathore },
title = { Investigation of Detection and Mitigation of Web Application Vulnerabilities },
journal = { International Journal of Computer Applications },
issue_date = { Mar 2022 },
volume = { 184 },
number = { 1 },
month = { Mar },
year = { 2022 },
issn = { 0975-8887 },
pages = { 30-36 },
numpages = {9},
url = { https://ijcaonline.org/archives/volume184/number1/32300-2022921964/ },
doi = { 10.5120/ijca2022921964 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2024-02-07T01:24:47.054500+05:30
%A Shekhar Disawal
%A Ugrasen Suman
%A Maya Rathore
%T Investigation of Detection and Mitigation of Web Application Vulnerabilities
%J International Journal of Computer Applications
%@ 0975-8887
%V 184
%N 1
%P 30-36
%D 2022
%I Foundation of Computer Science (FCS), NY, USA
Abstract

Web applications are the backbone of technology in the global era of information. In this digital world, they connect many commercial organizations that use the internet for financial transactions, education, and other activities. In recent years, web applications have been exploited by attackers frequently. Most web developers and website owners have limited awareness of the vulnerabilities in their websites, which leaves those sites prone to web vulnerability attacks. Many researchers are working to detect and mitigate these vulnerabilities and have proposed different methods to resolve the various types of web vulnerabilities. However, these solutions are insufficient, since they often have restrictions and are inefficient at preventing all vulnerabilities. This paper aims to review existing detection and mitigation methods for web application vulnerabilities. This will help practitioners to develop practices and solve issues related to web vulnerabilities.

Index Terms

Computer Science
Information Sciences

Keywords

Web application vulnerability, Detection and Mitigation, Web attacks