2,320 research outputs found
Reverse Proxy Framework using Sanitization Technique for Intrusion Prevention in Database
With the increasing importance of the internet in our day to day life, data
security in web application has become very crucial. Ever increasing on line
and real time transaction services have led to manifold rise in the problems
associated with the database security. Attacker uses illegal and unauthorized
approaches to hijack the confidential information like username, password and
other vital details. Hence the real time transaction requires security against
web based attacks. SQL injection and cross site scripting attack are the most
common application layer attack. The SQL injection attacker pass SQL statement
through a web applications input fields, URL or hidden parameters and get
access to the database or update it. The attacker take a benefit from user
provided data in such a way that the users input is handled as a SQL code.
Using this vulnerability an attacker can execute SQL commands directly on the
database. SQL injection attacks are most serious threats which take users input
and integrate it into SQL query. Reverse Proxy is a technique which is used to
sanitize the users inputs that may transform into a database attack. In this
technique a data redirector program redirects the users input to the proxy
server before it is sent to the application server. At the proxy server, data
cleaning algorithm is triggered using a sanitizing application. In this
framework we include detection and sanitization of the tainted information
being sent to the database and innovate a new prototype.Comment: 9 pages, 6 figures, 3 tables; CIIT 2013 International Conference,
Mumba
Using HTML5 to Prevent Detection of Drive-by-Download Web Malware
The web is experiencing an explosive growth in the last years. New
technologies are introduced at a very fast-pace with the aim of narrowing the
gap between web-based applications and traditional desktop applications. The
results are web applications that look and feel almost like desktop
applications while retaining the advantages of being originated from the web.
However, these advancements come at a price. The same technologies used to
build responsive, pleasant and fully-featured web applications, can also be
used to write web malware able to escape detection systems. In this article we
present new obfuscation techniques, based on some of the features of the
upcoming HTML5 standard, which can be used to deceive malware detection
systems. The proposed techniques have been experimented on a reference set of
obfuscated malware. Our results show that the malware rewritten using our
obfuscation techniques go undetected while being analyzed by a large number of
detection systems. The same detection systems were able to correctly identify
the same malware in its original unobfuscated form. We also provide some hints
about how the existing malware detection systems can be modified in order to
cope with these new techniques.Comment: This is the pre-peer reviewed version of the article: \emph{Using
HTML5 to Prevent Detection of Drive-by-Download Web Malware}, which has been
published in final form at \url{http://dx.doi.org/10.1002/sec.1077}. This
article may be used for non-commercial purposes in accordance with Wiley
Terms and Conditions for Self-Archivin
DeepSQLi: Deep Semantic Learning for Testing SQL Injection
Security is unarguably the most serious concern for Web applications, to
which SQL injection (SQLi) attack is one of the most devastating attacks.
Automatically testing SQLi vulnerabilities is of ultimate importance, yet is
unfortunately far from trivial to implement. This is because the existence of a
huge, or potentially infinite, number of variants and semantic possibilities of
SQL leading to SQLi attacks on various Web applications. In this paper, we
propose a deep natural language processing based tool, dubbed DeepSQLi, to
generate test cases for detecting SQLi vulnerabilities. Through adopting deep
learning based neural language model and sequence of words prediction, DeepSQLi
is equipped with the ability to learn the semantic knowledge embedded in SQLi
attacks, allowing it to translate user inputs (or a test case) into a new test
case, which is semantically related and potentially more sophisticated.
Experiments are conducted to compare DeepSQLi with SQLmap, a state-of-the-art
SQLi testing automation tool, on six real-world Web applications that are of
different scales, characteristics and domains. Empirical results demonstrate
the effectiveness and the remarkable superiority of DeepSQLi over SQLmap, such
that more SQLi vulnerabilities can be identified by using a less number of test
cases, whilst running much faster
SQL Injection Detection Using Machine Learning Techniques and Multiple Data Sources
SQL Injection continues to be one of the most damaging security exploits in terms of personal information exposure as well as monetary loss. Injection attacks are the number one vulnerability in the most recent OWASP Top 10 report, and the number of these attacks continues to increase. Traditional defense strategies often involve static, signature-based IDS (Intrusion Detection System) rules which are mostly effective only against previously observed attacks but not unknown, or zero-day, attacks. Much current research involves the use of machine learning techniques, which are able to detect unknown attacks, but depending on the algorithm can be costly in terms of performance. In addition, most current intrusion detection strategies involve collection of traffic coming into the web application either from a network device or from the web application host, while other strategies collect data from the database server logs. In this project, we are collecting traffic from two points: the web application host, and a Datiphy appliance node located between the webapp host and the associated MySQL database server. In our analysis of these two datasets, and another dataset that is correlated between the two, we have been able to demonstrate that accuracy obtained with the correlated dataset using algorithms such as rule-based and decision tree are nearly the same as those with a neural network algorithm, but with greatly improved performance
- …