Web Application Vulnerability Detection Using Hybrid String Matching Algorithm

  • Authors

    • B J. Santhosh Kumar
    • Kankanala Pujitha
    2018-07-04
    https://doi.org/10.14419/ijet.v7i3.6.14950
  • SHA-1, DOM sandboxing, URL, SQL.
  • The application takes a URL as input for web application vulnerability detection. If the URL is too long, scanning it takes more time (Ain Zubaidah et al. 2014). Existing systems can examine web pages but not the web application as a whole. This application tests URLs of any length using a string matching algorithm. To avoid XSS and CSRF, and to detect attacks that try to bypass browser-enforced policies, it uses whitelisting and DOM sandboxing techniques (Elias Athanasopoulos et al. 2012). The web application includes a list of cryptographic hashes of valid (trusted) client-side scripts. Each script is checked against this whitelist: depending on whether its cryptographic hash is found there, the script is considered trusted or not trusted. This application uses SHA-1 to create the message digest. The web server places trusted scripts inside div or span HTML elements that are marked as trusted. DOM sandboxing helps in identifying the script or code. It partitions program symbols into code and non-code, which helps to identify any hidden code in a trusted tag that bypasses the web server. The application scans the website to detect injection points, injects malicious XSS attack vectors at those injection points, and checks for these attacks in the vulnerable web application (Shashank Gupta et al. 2015). The proposed application improves the false negative rate.
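
    The hash whitelist check described in the abstract, as an added example that is not the authors' code: inline scripts and event-handler attributes are hashed with SHA-1 and classified against a set of trusted digests. The names `sha1_hex`, `ScriptAuditor` and `audit`, and the sample page, are constructed for illustration; SHA-1 appears only because the abstract names it, and CSP hash sources use SHA-256 or stronger.

```python
import hashlib
from html.parser import HTMLParser

def sha1_hex(script_text):
    # SHA-1 digest of the script body, ignoring surrounding whitespace.
    return hashlib.sha1(script_text.strip().encode("utf-8")).hexdigest()

class ScriptAuditor(HTMLParser):
    """Collects inline scripts and on* handlers and checks each against the whitelist."""
    def __init__(self, whitelist):
        super().__init__(convert_charrefs=True)
        self.whitelist = set(whitelist)
        self.findings = []          # (verdict, location, source) in document order
        self._in_script = False
        self._buf = []

    def _classify(self, location, source):
        trusted = sha1_hex(source) in self.whitelist
        self.findings.append(("trusted" if trusted else "untrusted", location, source.strip()))

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self._in_script, self._buf = True, []
        for name, value in attrs:   # event handlers carry code outside <script> tags
            if name.startswith("on") and value:
                self._classify(f"{tag}@{name}", value)

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            source = "".join(self._buf)
            if source.strip():      # external scripts (src=...) have no inline body to hash
                self._classify("script", source)

def audit(html, whitelist):
    auditor = ScriptAuditor(whitelist)
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: one whitelisted script, one injected script, one injected handler.
WHITELIST = {sha1_hex("initMenu();")}
PAGE = """<div class="trusted"><script>initMenu();</script></div>
<p>User comment: <script>alert(1)</script></p>
<img src="a.png" onerror="alert(2)">"""

if __name__ == "__main__":
    for verdict, location, source in audit(PAGE, WHITELIST):
        print(f"{verdict:9} {location:12} {source}")
```

    Any change to a whitelisted script, even a single character, produces a different digest and the script is reported as untrusted.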

     

     

  • References

    1. [1] Saleh AZM, Rozali NA, Buja AG, Jalil KA, Ali FHM & Rahman TFA, “A method for web application vulnerabilities detection by using Boyer-Moore string matching algorithm”, Procedia Computer Science, Vol.72, (2015), pp.112-121.

      [2] Ray D & Ligatti J, “Defining code-injection attacks”, ACM SIGPLAN Notices, Vol.47, No.1, (2012), pp.179-190.

      [3] Athanasopoulos E, Pappas V & Markatos EP, “Code-injection attacks in browsers supporting policies”, Proceedings of the 2nd Workshop on Web 2.0 Security & Privacy (W2SP), (2009).

      [4] Singh P, Thevar K, Shetty P & Shaikh B, “Detection of SQL Injection and XSS Vulnerability in Web Application”, Prevent, Vol.1, No.4, (2013).

      [5] Manojkumar R, “Vulnerability Detection Behind Web Applications”, Software Engineering and Technology, Vol.7, No.7, (2015), pp.191-193.

      [6] Prabakar MA, Karthikeyan M & Marimuthu K, “An efficient technique for preventing SQL injection attack using pattern matching algorithm”, International Conference on Emerging Trends in Computing, Communication and Nanotechnology (ICE-CCN), (2013), pp.503-506.

      [7] Rahman TFA, Buja AG, Abd K & Ali FM, “SQL Injection Attack Scanner Using Boyer-Moore String Matching Algorithm”, JCP, Vol.12, No.2, (2017), pp.183-189.

      [8] Marashdih AW & Zaaba ZF, “Cross Site Scripting: Detection Approaches in Web Application”, International Journal of Advanced Computer Science and Applications, Vol.7, No.10, (2016).

      [9] Raghuvanshi KK & Dixit DB, “Prevention and Detection Techniques for SQL Injection Attacks”, International Journal of Computer Trends and Technology (IJCTT), Vol.12, (2014).

      [10] Anjugam S & Murugan A, “Efficient method for preventing SQL injection attacks on web applications using encryption and tokenization”, International Journal, Vol.4, No.4, (2014).

      [11] Pushpa BR, “Enhancing Data Security by Adapting Network Security and Cryptographic Paradigms”, International Journal of Computer Science and Information Technologies, Vol.5, (2014), pp.1319–1321.

      [12] Joseph S & Jevitha KP, “Evaluating the Effectiveness of Conventional Fixes for SQL Injection Vulnerability”, Proceedings of 3rd International Conference on Advanced Computing, Networking and Informatics, Vol.2,

      [13] Shiva Kumar KM, Shruthi K & Shruthi V, “Secured data aggregation in wireless sensor network”, International Journal of Applied Engineering Research, Vol.10, (2015), pp.26761-26768.

  • How to Cite

    J. Santhosh Kumar, B., & Pujitha, K. (2018). Web Application Vulnerability Detection Using Hybrid String Matching Algorithm. International Journal of Engineering & Technology, 7(3.6), 106-109. https://doi.org/10.14419/ijet.v7i3.6.14950