OWASP Framework-based Network Forensics to Analyze the SQLi Attacks on Web Servers

One of dangerous vulnerabilities that attack the web is SQLi. With this vulnerability, someone can obtain user data information, then change and delete that data. The solution to this attack problem is that the design website must improve security by paying attention to input validation and installing a firewall. This study's objective is to use network forensic tools to examine the designlink website's security against SQLi attacks, namely Whois, SSL Scan, Nmap, OWASP Zap, and SQL Map. OWASP is the framework that is employed; it is utilized for web security testing. According to the research findings, there are 14 vulnerabilities in the design website, with five medium level, seven low level, and two informational level. When using SQL commands with the SQL Map tool to get username and password information on its web server design. The OWASP framework may be used to verify the security of websites against SQLi attacks using network forensic tools, according to the study's findings. So that information about the vulnerabilities found on the website can be provided. The results of this study contribute to forensic network knowledge against SQLi attacks using the OWASP framework as well as for parties involved in website security

Analysis of Mozambican websites : how do they protect their users?

Web security is an important approach for most institutions, organizations and individuals which use or provide their services through websites. In this study, a systematic and methodical evaluation of the exposure of web servers and HTTP security headers to attackers that can cause potential harm was tested in 240 Mozambican websites. Vulnerabilities related to HTTP security headers were obtained and the mechanisms which should be taken to reduce the security risks of the services available on the websites are presented

A Forensic Web Log Analysis Tool: Techniques and Implementation

Methodologies presently in use to perform forensic analysis of web applications are decidedly lacking. Although the number of log analysis tools available is exceedingly large, most only employ simple statistical analysis or rudimentary search capabilities. More precisely these tools were not designed to be forensically capable. The threat of online assault, the ever growing reliance on the performance of necessary services conducted online, and the lack of efficient forensic methods in this area provide a background outlining the need for such a tool. The culmination of study emanating from this thesis not only presents a forensic log analysis framework, but also outlines an innovative methodology of analyzing log files based on a concept that uses regular expressions, and a variety of solutions to problems associated with existing tools. The implementation is designed to detect critical web application security flaws gleaned from event data contained within the access log files of the underlying Apache Web Service (AWS). Of utmost importance to a forensic investigator or incident responder is the generation of an event timeline preceeding the incident under investigation. Regular expressions power the search capability of our framework by enabling the detection of a variety of injection-based attacks that represent significant timeline interactions. The knowledge of the underlying event structure of each access log entry is essential to efficiently parse log files and determine timeline interactions. Another feature added to our tool includes the ability to modify, remove, or add regular expressions. This feature addresses the need for investigators to adapt the environment to include investigation specific queries along with suggested default signatures. The regular expressions are signature definitions used to detect attacks toward both applications whose functionality requires a web service and the service itself. The tool provides a variety of default vulnerability signatures to scan for and outputs resulting detections