33 research outputs found

    Detecting and Preventing SQL Injection and XSS Attack using Web Security Mechanisms

    In this paper we proposed a system prototype tool to evaluate web application security mechanisms. The methodology is based on the idea that injecting realistic vulnerabilities in a web application and attacking them automatically can be used to support the assessment of existing security mechanisms and tools in custom setup scenarios. To provide true to life results, the proposed vulnerability and attack injection methodology relies on the study of a large number of vulnerabilities in real web applications. To remove the vulnerabilities by implementing a concrete Vulnerability & Attack Injector Tool (VAIT) for securing web applications. To prevent various attacks like follows: 1. SQL Injection (SQLi) 2. Cross Site Scripting (XSS) 3. Brute Force Attack 4. Shoulder surfing Attack 5. Social Attack. 6. Dictionary Attac

    A Review: Implementation of Web Security Mechanisms using Vulnerability & Attack Injection

    In this paper we propose a theory and a model mechanical assembly to survey web application security instruments. The methodology is in perspective of the prospect that mixing sensible Vulnerabilities in a web application and attacking them normally can be used to support the assessment of existing security frameworks and mechanical assemblies in custom setup circumstances. To give reliable with life comes to fruition, the proposed powerlessness and attack mixture technique relies on upon the examination of a sweeping number of vulnerabilities in authentic web applications. Despite the non-particular approach, the paper depicts the Vulnerability's utilization and Attack Injector Tool (VAIT) that allows the entire's robotization process. We used this instrument to run a game plan of trials that display the feasibility and the reasonability of the proposed methodology. The examinations join the appraisal of degree and false positives of an interference acknowledgment structure for SQL Injection strikes and the feasibility's assessment of two top business web application vulnerability scanners. Results show that the implantation of vulnerabilities and ambushes is to make certain a feasible way to deal with evaluate security segments and to raise their weaknesses and also courses for their change

    Performing Web security mechanism for websites using Vulnerability & Attack Injection

    In this paper we proposed a framework model instrument to assess web application security components. The approach depends on the possibility that infusing reasonable vulnerabilities in a web application and assaulting them naturally can be utilized to bolster the appraisal of existing security components and devices in custom setup situations. To give consistent with life comes about, the proposed defenselessness and assault infusion technique depends on the investigation of countless in genuine web applications. To expel the vulnerabilities by executing a solid Vulnerability and Attack Injector Tool (VAIT) for securing web applications

    Implementation Ids for Web Security Mechanism against Injection and Multiple Attacks

    In this paper we propose a philosophy and a model apparatus to assess web application security instruments. The approach is in view of the thought that infusing sensible Vulnerabilities in a web application and assaulting them naturally can be utilized to bolster the evaluation of existing security systems and apparatuses in custom setup situations. The investigations incorporate the assessment of scope and bogus positives of an interruption recognition framework for SQL Injection assaults and the viability's evaluation of two top business web application defenselessness scanners. Results demonstrate that the infusion of vulnerabilities and assaults is to be sure a viable approach to assess security components and to bring up their shortcomings as well as courses for their change

    The Art of Fault Injection

    Classical Greek philosophers considered the foremost virtues to be temperance, justice, courage, and prudence. In this paper we relate these cardinal virtues to the correct methodological approaches that researchers should follow when setting up a fault injection experiment. With this work we try to understand where the "straightforward pathway" lies, in order to highlight those common methodological errors that deeply influence the coherency and the meaningfulness of fault injection experiments. Fault injection is like an art, where the success of the experiments depends on a very delicate balance between modeling, creativity, statistics, and patience

    A framework for dependability evaluation of PROFIBUS networks

    Fieldbus networks have been assuming a high acceptance in the industrial environment, replacing the old centralized control architectures. Due to time critical nature of the tasks involved in these environments, the fulfillment of dependability attributes is usually required. Therefore the dependability is an important parameter on system design, which should be evaluated. Several factors can affect system dependability. The environmental ones are the most common and due to the particularity of the industrial environment this susceptibility is increased. In this paper it is proposed a framework based on fault injection techniques, supported by a hardware platform which emulates a fault set, representative of industrial environment scenarios, intending to disturb data communications on a PROFIBUS network. From these fault injection experiments, relevant data is gathered and a further analysis is carried out to evaluate dependability attributes

    A Functional Verification based Fault Injection Environment

    Fault injection is needed for different purposes such as analyzing the reaction of a system in a faulty environment or validating fault-detection and/or fault-correction techniques. In this paper we propose a simulation-based fault injection tool able to work at different abstraction levels and with user-defined fault models. By exploiting the facilities provided by a functional verification environment it allows to speed up the entire fault injection process: from the creation of the workload to the analysis of the results of injection campaigns. Moreover, the adoption of techniques to optimize the fault list significantly reduces the simulation time. Being the tool targeted to the validation of dependable systems, it includes a way to extract information from the Failure Mode and Effect Analysis and to correlate fault injection results with estimates

    Designing Fault-Injection Experiments for the Reliability of Embedded Systems

    This paper considers the long-standing problem of conducting fault-injections experiments to establish the ultra-reliability of embedded systems. There have been extensive efforts in fault injection, and this paper offers a partial summary of the efforts, but these previous efforts have focused on realism and efficiency. Fault injections have been used to examine diagnostics and to test algorithms, but the literature does not contain any framework that says how to conduct fault-injection experiments to establish ultra-reliability. A solution to this problem integrates field-data, arguments-from-design, and fault-injection into a seamless whole. The solution in this paper is to derive a model reduction theorem for a class of semi-Markov models suitable for describing ultra-reliable embedded systems. The derivation shows that a tight upper bound on the probability of system failure can be obtained using only the means of system-recovery times, thus reducing the experimental effort to estimating a reasonable number of easily-observed parameters. The paper includes an example of a system subject to both permanent and transient faults. There is a discussion of integrating fault-injection with field-data and arguments-from-design

    Vulnerability & Attack Injection for Web Applications


    Trust Model in Cloud Computing Environment Based on Fuzzy Theory

    Recent years have witnessed the development of cloud computing. However, there also come some security concerns in cloud computing environment, such as emerging network attacks and intrusions, and instable cloud service provision due to flexible cloud infrastructure and resources. To this end, we research on the trusted computing in cloud computing environment. Specifically, in this paper, we propose a trust model based on virtual machines, with two considerations. First, we introduce timeliness strategy to ensure the response time and also minimize the idle time of servers. Second, we extend the linear trust chain by differentiating the trust of the platform domain and user domain. Besides, we develop a fuzzy theory based method to calculate the trust value of cloud service providers. We also conduct some experiments to evaluate our method