3,220 research outputs found
Reverse Proxy Framework using Sanitization Technique for Intrusion Prevention in Database
With the increasing importance of the internet in our day to day life, data
security in web application has become very crucial. Ever increasing on line
and real time transaction services have led to manifold rise in the problems
associated with the database security. Attacker uses illegal and unauthorized
approaches to hijack the confidential information like username, password and
other vital details. Hence the real time transaction requires security against
web based attacks. SQL injection and cross site scripting attack are the most
common application layer attack. The SQL injection attacker pass SQL statement
through a web applications input fields, URL or hidden parameters and get
access to the database or update it. The attacker take a benefit from user
provided data in such a way that the users input is handled as a SQL code.
Using this vulnerability an attacker can execute SQL commands directly on the
database. SQL injection attacks are most serious threats which take users input
and integrate it into SQL query. Reverse Proxy is a technique which is used to
sanitize the users inputs that may transform into a database attack. In this
technique a data redirector program redirects the users input to the proxy
server before it is sent to the application server. At the proxy server, data
cleaning algorithm is triggered using a sanitizing application. In this
framework we include detection and sanitization of the tainted information
being sent to the database and innovate a new prototype.Comment: 9 pages, 6 figures, 3 tables; CIIT 2013 International Conference,
Mumba
Preventing SQL Injection through Automatic Query Sanitization with ASSIST
Web applications are becoming an essential part of our everyday lives. Many
of our activities are dependent on the functionality and security of these
applications. As the scale of these applications grows, injection
vulnerabilities such as SQL injection are major security challenges for
developers today. This paper presents the technique of automatic query
sanitization to automatically remove SQL injection vulnerabilities in code. In
our technique, a combination of static analysis and program transformation are
used to automatically instrument web applications with sanitization code. We
have implemented this technique in a tool named ASSIST (Automatic and Static
SQL Injection Sanitization Tool) for protecting Java-based web applications.
Our experimental evaluation showed that our technique is effective against SQL
injection vulnerabilities and has a low overhead.Comment: In Proceedings TAV-WEB 2010, arXiv:1009.330
APHRODITE: an Anomaly-based Architecture for False Positive Reduction
We present APHRODITE, an architecture designed to reduce false positives in
network intrusion detection systems. APHRODITE works by detecting anomalies in
the output traffic, and by correlating them with the alerts raised by the NIDS
working on the input traffic. Benchmarks show a substantial reduction of false
positives and that APHRODITE is effective also after a "quick setup", i.e. in
the realistic case in which it has not been "trained" and set up optimall
Detection of the Security Vulnerabilities in Web Applications
The contemporary organizations develop business processes in a very complex environment. The IT&C technologies are used by organizations to improve their competitive advantages. But, the IT&C technologies are not perfect. They are developed in an iterative process and their quality is the result of the lifecycle activities. The audit and evaluation processes are required by the increased complexity of the business processes supported by IT&C technologies. In order to organize and develop a high-quality audit process, the evaluation team must analyze the risks, threats and vulnerabilities of the information system. The paper highlights the security vulnerabilities in web applications and the processes of their detection. The web applications are used as IT&C tools to support the distributed information processes. They are a major component of the distributed information systems. The audit and evaluation processes are carried out in accordance with the international standards developed for information system security assurance.security, vulnerability, web application, audit
Analysis of SQL Injection Detection Techniques
SQL Injection is one of the vulnerabilities in OWASPs Top Ten List for Web
Based Application Exploitation.These types of attacks takes place on Dynamic
Web applications as they interact with the databases for the various
operations.Current Content Management System like Drupal, Joomla or Wordpress
have all the information stored in their databases. A single intrusion into
these types of websites can lead to overall control of websites by the
attacker. Researchers are aware of the basic SQL Injection attacks but there
are numerous SQL Injection attacks which are yet to be Prevented and Detected.
Over here, we present the extensive review for the Advanced SQL Injection
attack such as Fast Flux Sql Injection, Compounded SQL Injection and Deep Blind
SQL Injection. We also analyze the detection and prevention using the classical
methods as well as modern approaches. We will be discussing the Comparative
Evaluation for prevention of SQL Injection
- …