Web Security Detection Tool

According to Government Computer News (GCN) web attacks have been marked as all- time high this year. GCN says that some of the leading security software like SOPHOS detected about 15,000 newly infected web pages daily in initial three months of 2008 [13]. This has lead to the need of efficient software to make web applications robust and sustainable to these attacks. While finding information on different types of attacks, I found that SQL injection and cross site scripting are the most famous among attackers. These attacks are used extensively since, they can be performed using different techniques and it is difficult to make a web application completely immune to these attacks. There are myriad detection tools available which help to detect vulnerabilities in web applications. These tools are mainly categorized as white-box and black-box testing tools. In this writing project, we aim to develop a detection tool which would be efficient and helpful for the users to pinpoint possible vulnerabilities in his/her PHP scripts. We propose a technique to integrate the aforementioned categories of tools under one framework to achieve better detection against possible vulnerabilities. Our system focuses on giving the developer a simple and concise tool which would help him/her to correct possible loopholes in the PHP code snippets

SQL Injection Detection Using Machine Learning Techniques and Multiple Data Sources

SQL Injection continues to be one of the most damaging security exploits in terms of personal information exposure as well as monetary loss. Injection attacks are the number one vulnerability in the most recent OWASP Top 10 report, and the number of these attacks continues to increase. Traditional defense strategies often involve static, signature-based IDS (Intrusion Detection System) rules which are mostly effective only against previously observed attacks but not unknown, or zero-day, attacks. Much current research involves the use of machine learning techniques, which are able to detect unknown attacks, but depending on the algorithm can be costly in terms of performance. In addition, most current intrusion detection strategies involve collection of traffic coming into the web application either from a network device or from the web application host, while other strategies collect data from the database server logs. In this project, we are collecting traffic from two points: the web application host, and a Datiphy appliance node located between the webapp host and the associated MySQL database server. In our analysis of these two datasets, and another dataset that is correlated between the two, we have been able to demonstrate that accuracy obtained with the correlated dataset using algorithms such as rule-based and decision tree are nearly the same as those with a neural network algorithm, but with greatly improved performance

Preventing SQL Injection through Automatic Query Sanitization with ASSIST

Web applications are becoming an essential part of our everyday lives. Many of our activities are dependent on the functionality and security of these applications. As the scale of these applications grows, injection vulnerabilities such as SQL injection are major security challenges for developers today. This paper presents the technique of automatic query sanitization to automatically remove SQL injection vulnerabilities in code. In our technique, a combination of static analysis and program transformation are used to automatically instrument web applications with sanitization code. We have implemented this technique in a tool named ASSIST (Automatic and Static SQL Injection Sanitization Tool) for protecting Java-based web applications. Our experimental evaluation showed that our technique is effective against SQL injection vulnerabilities and has a low overhead.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330

SQL Injection Detection Using Machine Learning

Sharing information over the Internet over multiple platforms and web-applications has become a quite common phenomenon in the recent times. The web-based applications that accept critical information from users store this information in databases. These applications and the databases connected to them are susceptible to all kinds of information security threats due to being accessible through the Internet. The threats include attacks such as Cross Side Scripting (CSS), Denial of Service Attack (DoS0, and Structured Query Language (SQL) Injection attacks. SQL Injection attacks fall under the top ten vulnerabilities when we talk about web-based applications. Through this kind of attack, the attacker can steal critical and confidential information and hence it could have damaging effects on a business or organization. The effects could range from monetary loss, leaking confidential business information, decrease in company’s stock market value or any combination of these. In this paper we have used an algorithm called Gradient Boosting Classifier from ensemble machine learning approaches to classify and detect SQL Injection attacks

Prevention of SQL Injection Attacks using AWS WAF

SQL injection is one of several different types of code injection techniques used to attack data driven applications. This is done by the attacker injecting an input in the query not intended by the programmer of the application gaining the access of the database which results in potential reading, modification or deletion of users’ data. The vulnerabilities are due to the lack of input validation which is the most critical part of software security that is often not properly covered in the design phase of the software development lifecycle. This paper presents different techniques and some of the countermeasures for detection and prevention of SQL injection attacks. The proposed procedure in the paper is to use a database firewall between the client (user) side and the database server through AWS to avoid the malicious codes injected by the attackers

Web Application Reinforcement via Efficient Systematic Analysis and Runtime Validation (ESARV)

Securing the data, a fundamental asset in an organization, against SQL Injection (SQLI), the most frequent attack in web applications, is vital. In SQLI, an attacker alters the structure of the actual query by injecting code via the input, and gaining access to the database. This paper proposes a new method for securing web applications against SQLI Attacks (SQLIAs). It contains two phases based on systematic analysis and runtime validation and uses our new technique for detection and prevention. At the static phase, our method removes user inputs from SQL queries and gathers as much information as possible, from static and dynamic queries in order to minimize the overhead at runtime. On the other hand, at the dynamic phase, the prepared information alongside our technique are used to check the validity of the runtime query. To facilitate the usage of our method and show our expectations in practice, ESARV was implemented. The empirical evaluations demonstrated in this paper, indicate that ESARV is efficient, accurate, effective, and also has no deployment requirements

Security in web applications: a comparative analysis of key SQL injection detection techniques

Over the years, technological advances have driven massive proliferation of web systems and businesses have harbored a seemingly insatiable need for Internet systems and services. Whilst data is considered as a key asset to businesses and that their security is of extreme importance, there has been growing cybersecurity threats faced by web systems. One of the key attacks that web applications are vulnerable to is SQL injection (SQLi) attacks and successful attacks can reveal sensitive information to attackers or even deface web systems. As part of SQLi defence strategy, effective detection of SQLi attacks is important. Even though different techniques have been devised over the years to detect SQLi attacks, limited work has been undertaken to review and compare the effectiveness of these detection techniques. As such, in order to address this gap in literature, this paper performs a review and comparative analysis of the different SQLi detection techniques, with the aim to detect SQLi attacks in an effective manner and enhance the security of web applications. As part of the investigation, seven SQLi detection techniques including machine learning based detection are reviewed and their effectiveness against different types of SQLi attacks are compared. Results identified positive tainting and adoption of machine learning among the most effective techniques and stored procedures based SQLi as the most challenging attack to detect