16,500 research outputs found
Reverse Proxy Framework using Sanitization Technique for Intrusion Prevention in Database
With the increasing importance of the internet in our day to day life, data
security in web application has become very crucial. Ever increasing on line
and real time transaction services have led to manifold rise in the problems
associated with the database security. Attacker uses illegal and unauthorized
approaches to hijack the confidential information like username, password and
other vital details. Hence the real time transaction requires security against
web based attacks. SQL injection and cross site scripting attack are the most
common application layer attack. The SQL injection attacker pass SQL statement
through a web applications input fields, URL or hidden parameters and get
access to the database or update it. The attacker take a benefit from user
provided data in such a way that the users input is handled as a SQL code.
Using this vulnerability an attacker can execute SQL commands directly on the
database. SQL injection attacks are most serious threats which take users input
and integrate it into SQL query. Reverse Proxy is a technique which is used to
sanitize the users inputs that may transform into a database attack. In this
technique a data redirector program redirects the users input to the proxy
server before it is sent to the application server. At the proxy server, data
cleaning algorithm is triggered using a sanitizing application. In this
framework we include detection and sanitization of the tainted information
being sent to the database and innovate a new prototype.Comment: 9 pages, 6 figures, 3 tables; CIIT 2013 International Conference,
Mumba
Privacy Preserving Location-Based Client-Server Service Using Standard Cryptosystem
Location-Based Mobile Services (LBMS) is rapidly gaining ground and becoming increasingly popular, because of the variety of efficient and personalized services it offers. However, if users are not guaranteed their privacy and there is no assurance of genuineness of server\u27s response, the use of these services would be rendered useless and could deter its growth in mobile computing. This paper aims to provide confidentiality and integrity for communication that occurs between users and location service providers. A practical system that guarantees a user\u27s privacy and integrity of server\u27s response, using a cryptographic scheme with no trusted intermediary, is provided. This scheme also employs the use of symmetric and asymmetric encryption algorithms to ensure secure message and key transfer. In order to overcome the problem of computational complexities with these algorithms, AES-256 is used to encrypt the message and user\u27s location. Several researches have been done in this category but there is still no system that checks the integrity of server\u27s response. The proposed scheme is resistant to a range of susceptible attacks, because it provides a detailed security analysis and, when compared with related work, shows that it can actually guarantee privacy and integrity with faster average response time and higher throughput in LBMS
- ā¦