    Defensive Approaches on SQL Injection and Cross-Site Scripting Attacks

    SQL Injection attacks are the most common attacks on web applications. Statistical analysis shows that many web sites which interact with a database are prone to SQL Injection and XSS attacks. Although different kinds of vulnerability detection systems and attack detection systems exist, there is no efficient system for detecting these kinds of attacks. SQL Injection attacks are possible due to design drawbacks in websites which interact with back-end databases, and successful attacks may cause extensive damage. The state-of-the-art web application input validation techniques fail to identify SQL and XSS vulnerabilities accurately because of shortcomings in the correctness of the sanity checking and in the placement of validators on the applications. These systems also fail while processing HTTP Parameter Pollution attacks. An extensive survey on SQL Injection attacks is conducted to present various detection and prevention mechanisms.

    Automatically Detect Software Security Vulnerabilities Based on Natural Language Processing Techniques and Machine Learning Algorithms

    Nowadays, software vulnerabilities pose a serious problem, because cyber-attackers often find ways to attack a system by exploiting software vulnerabilities. Detecting software vulnerabilities can be done using two main methods: i) signature-based detection, i.e., methods based on a list of known security vulnerabilities as a basis for contrasting and comparing; ii) behavior analysis-based detection using classification algorithms, i.e., methods based on analyzing the software code. In order to improve the ability to accurately detect software security vulnerabilities, this study proposes a new approach based on a technique of analyzing and standardizing software code and the random forest (RF) classification algorithm. The novelty and advantage of our proposed method is that, to determine abnormal behavior of functions in the software, instead of trying to define the behaviors of functions, this study uses the Word2vec natural language processing model to normalize and extract features of functions. Finally, to detect security vulnerabilities in the functions, this study proposes to use a popular and effective supervised machine learning algorithm.

    Detecting Security Vulnerabilities with Software Architecture Analysis Tools

    Hidden functionality in software is a big problem, because we cannot be sure that the software does not contain malicious code. We conducted an experiment in which we studied the relationship between architecture constructs, dynamic behavior and security vulnerabilities. We also studied to what extent architecture analysis tools can assist in detecting security vulnerabilities that are caused by architecture violations. Using the tool, we were able to capture the dynamic pattern of a user breaking into the system through the back door. Based on the dynamic information in combination with the static information, we obtained a good picture of the "visual image" of the back door. Such "visual images" can be used to detect vulnerabilities and ultimately help to design software architectures that meet their security requirements.