Reverse Proxy Framework using Sanitization Technique for Intrusion Prevention in Database

With the increasing importance of the internet in our day to day life, data security in web application has become very crucial. Ever increasing on line and real time transaction services have led to manifold rise in the problems associated with the database security. Attacker uses illegal and unauthorized approaches to hijack the confidential information like username, password and other vital details. Hence the real time transaction requires security against web based attacks. SQL injection and cross site scripting attack are the most common application layer attack. The SQL injection attacker pass SQL statement through a web applications input fields, URL or hidden parameters and get access to the database or update it. The attacker take a benefit from user provided data in such a way that the users input is handled as a SQL code. Using this vulnerability an attacker can execute SQL commands directly on the database. SQL injection attacks are most serious threats which take users input and integrate it into SQL query. Reverse Proxy is a technique which is used to sanitize the users inputs that may transform into a database attack. In this technique a data redirector program redirects the users input to the proxy server before it is sent to the application server. At the proxy server, data cleaning algorithm is triggered using a sanitizing application. In this framework we include detection and sanitization of the tainted information being sent to the database and innovate a new prototype.Comment: 9 pages, 6 figures, 3 tables; CIIT 2013 International Conference, Mumba

Hyp3rArmor: reducing web application exposure to automated attacks

Web applications (webapps) are subjected constantly to automated, opportunistic attacks from autonomous robots (bots) engaged in reconnaissance to discover victims that may be vulnerable to specific exploits. This is a typical behavior found in botnet recruitment, worm propagation, largescale fingerprinting and vulnerability scanners. Most anti-bot techniques are deployed at the application layer, thus leaving the network stack of the webapp’s server exposed. In this paper we present a mechanism called Hyp3rArmor, that addresses this vulnerability by minimizing the webapp’s attack surface exposed to automated opportunistic attackers, for JavaScriptenabled web browser clients. Our solution uses port knocking to eliminate the webapp’s visible network footprint. Clients of the webapp are directed to a visible static web server to obtain JavaScript that authenticates the client to the webapp server (using port knocking) before making any requests to the webapp. Our implementation of Hyp3rArmor, which is compatible with all webapp architectures, has been deployed and used to defend single and multi-page websites on the Internet for 114 days. During this time period the static web server observed 964 attempted attacks that were deflected from the webapp, which was only accessed by authenticated clients. Our evaluation shows that in most cases client-side overheads were negligible and that server-side overheads were minimal. Hyp3rArmor is ideal for critical systems and legacy applications that must be accessible on the Internet. Additionally Hyp3rArmor is composable with other security tools, adding an additional layer to a defense in depth approach.This work has been supported by the National Science Foundation (NSF) awards #1430145, #1414119, and #1012798

X-Secure:protecting users from big bad wolves

In 2014 over 70% of people in Great Britain accessed the Internet every day. This resource is an optimal vector for malicious attackers to penetrate home computers and as such compromised pages have been increasing in both number and complexity. This paper presents X-Secure, a novel browser plug-in designed to present and raise the awareness of inexperienced users by analysing web-pages before malicious scripts are executed by the host computer. X-Secure was able to detect over 90% of the tested attacks and provides a danger level based on cumulative analysis of the source code, the URL, and the remote server, by using a set of heuristics, hence increasing the situational awareness of users browsing the internet

Cyber security picture 2013

Summary: This report summarises cyber intrusion activity identified by or reported to the Cyber Security Operations Centre (CSOC) during 2013. It provides a broad overview of cyber threats to Australian government networks, as observed by the CSOC. The Strategies to Mitigate Targeted Cyber Intrusions remain your best defence against the cyber threat. Implementing the Top 4 strategies as a package is at the core of this protection, as they mitigate at least 85% of cyber intrusions responded to by the CSOC. The Top 4 strategies prevent execution of malicious software, and minimise software vulnerabilities and the ability of a cyber adversary to propagate across a network. The remaining 31 strategies form an excellent basis from which to assess further network security initiatives based on a risk assessment. Your risk assessment processes should take into account the specific risks faced by your agency, the information you are protecting, and your current network security posture. While socially-engineered emails remain the most prevalent threat to Australian government networks, the CSOC observed the emergence of several new techniques used in these emails during 2013, such as the use of cloud storage providers, Java files, and the repurposing of genuine emails. The increasing skill and resourcefulness of cyber adversaries highlights the importance of being continually vigilant and up-to-date in your network security. The Strategies to Mitigate Targeted Cyber Intrusions have been updated in 2014 to reflect the evolution of the threat environment. Although the initial cost of implementing the Strategies to Mitigate Targeted Cyber Intrusions can seem high for some agencies, they actually represent an important investment in your organisation, reducing long-term costs and risk. If you experience a network compromise, not only will you be faced with the cost of implementing these strategies to prevent further compromise, but you will also incur both higher direct and indirect costs associated with remediating the compromise. These costs include, but are not limited to, investigating the compromise, tactical remediation, reputational costs, opportunity costs from the loss of information, and lost productivity