Detection of SQL Injection and XSS Vulnerability in Web Application

Abstract

The increasing dependence on web applications has made them a natural target for attackers. Among these attacks SQL Injection Attacks (SQLIA) and Cross-Site Scripting attacks are the most prevalent. Our SQL Injection detection method is based on the design of a detection tool for the HTTP request send by clients or users and look for attack signatures. The proposed filter is generic in the sense that it can be used with any web application. Finally we test our proposed security mechanism using the vulnerability scanner developed by us as well as other well-known scanners. Our approach for Cross-Site Scripting detection method describes the possibilities to filter JavaScript in Web applications in server side protection. Server side solution effectively protects against information leakage from the users environment. Cross-Site scripting attacks are easy to execute, but difficult to detect and prevent.[1