Web Application Vulnerability Detection Using Hybrid String Matching Algorithm

 
 
 
  • Abstract
  • Keywords
  • References
  • PDF
  • Abstract


    Application uses URL as contribution for Web Application Vulnerabilities recognition. if the length of URL is too long then it will consume more time to scan the URL (Ain Zubaidah et.al 2014).Existing system can notice the web pages but not overall web application. This application will test for URL of any length using String matching algorithm. To avoid XSS and CSRF and detect attacks that try to sidestep program upheld arrangements by white list and DOM sandboxing techniques (Elias Athanasopoulos et.al.2012). The web application incorporates a rundown of cryptographic hashes of legitimate (trusted) client side contents. In the event that there is a cryptographic hash for the content in the white list. On the off chance that the hash is discovered the content is viewed as trusted or not trusted. This application makes utilization of SHA-1 for making a message process. The web server stores reliable scripts inside div or span HTML components that are attribute as reliable. DOM sandboxing helps in identifying the script or code. Partitioning Program Symbols into Code and Non-code. This helps to identify any hidden code in trusted tag, which bypass web server. Scanning the website for detecting the injection locations and injecting the mischievous XSS assault vectors in such infusion focuses and check for these assaults in the helpless web application( Shashank Gupta et.al 2015).The proposed application improve the false negative rate.

     

     


  • Keywords


    SHA-1, DOM sandboxing, URL, SQL.

  • References


      [1] Saleh AZM, Rozali NA, Buja AG, Jalil KA, Ali FHM & Rahman TFA, “A method for web application vulnerabilities detection by using boyer-moore string matching algorithm”, Procedia Computer Science, Vol.72, (2015), pp.112-121.

      [2] Ray D & Ligatti J, “Defining code-injection attacks”, ACM SIGPLAN Notices, Vol.47, No.1, (2012), pp.179-190.

      [3] Athanasopoulos E, Pappas V & Markatos EP, “Code-injection attacks in browsers supporting policies”, Proceedings of the 2nd Workshop on Web 2.0 Security & Privacy (W2SP), (2009).

      [4] Singh P, Thevar K, Shetty P & Shaikh B, “Detection of SQL Injection and XSS Vulnerability in Web Application”, Prevent, Vol.1, No.4, (2013).

      [5] Manojkumar R, “Vulnerability Detection Behind Web Applications”, Software Engineering and Technology, Vol.7, No.7, (2015), pp.191-193.

      [6] Prabakar MA, Karthikeyan M & Marimuthu K, “An efficient technique for preventing SQL injection attack using pattern matching algorithm”, International Conference on Emerging Trends in Computing, Communication and Nanotechnology (ICE-CCN), (2013), pp.503-506.

      [7] Rahman TFA, Buja AG, Abd K & Ali FM, “SQL Injection Attack Scanner Using Boyer- Moore String Matching Algorithm”, JCP, Vol.12, No.2, (2017), pp.183-189.

      [8] Marashdih AW & Zaaba ZF, “Cross Site Scripting: Detection Approaches in Web Application”, International Journal of Advanced Computer Science and Applications, Vol.7, No.10, (2016).

      [9] Raghuvanshi KK & Dixit, DB, “Prevention and Detection Techniques for SQL Injection Attacks. International Journal of Computer Trends and Technology (IJCTT), Vol.12, (2014).

      [10] Anjugam S & Murugan A, “Efficient method for preventing SQL injection attacks on web applications using encryption and tokenization”, International Journal, Vol.4, No.4, (2014).

      [11] Pushpa BR, “Enhancing Data Security by Adapting Network Security and Cryptographic Paradigms”, International Journal of Computer Science and Information Technologies, Vol.5, (2014), pp.1319–1321.

      [12] Joseph S & Jevitha, KP, “Evaluating the Effectiveness of Conventional Fixes for SQL Injection Vulnerability”, Proceedings of 3rd International Conference on Advanced Computing, Networking and Informatics, Vol.2,

      [13] Shiva Kumar KM, Shruthi K & Shruthi V, “Secured data aggregation in wireless sensor network”, International Journal of Applied Engineering Research, Vol.10, (2015), pp.26761-26768.


 

View

Download

Article ID: 14950
 
DOI: 10.14419/ijet.v7i3.6.14950




Copyright © 2012-2015 Science Publishing Corporation Inc. All rights reserved.