scholarly journals Detection and Avoidance of Web Vulnerability using XSS

2019 ◽  
Vol 8 (2) ◽  
pp. 1737-1740
Keyword(s):  
Life Style ◽  
Web Applications ◽  
Sensitive Information ◽  
Storage Medium ◽  
Sql Injection ◽  
Critical Information ◽  
Cross Site

In today’s life style web applications have become so much essential part. We make use of web applications in most of our day-to-day activities. Hence it has become a big challenge to protect these web applications from hacking. Databases are central to modern websites as they provide storage medium for critical information. It may be of any companies’ sensitive information. Henceforth these websites are targeted by malicious users to gain authority. This paper provides necessary security to the websites, blogs from being attacked and miss leaded. It detects the attack and soon after well avoid by script posting. The application also demonstrate login through SQL injection[16][17] without having the proper required credentials. Keywords:-XSS-Cross site scripting, Detection, Prevention, Web vulnerability.

scholarly journals Analysis of SQL Injection Attack

2013 ◽  
pp. 260-264
Author(s):  
Jayeeta Majumder ◽  
Gargi Saha
Keyword(s):  
Web Applications ◽  
Sensitive Information ◽  
Security Model ◽  
Security Threat ◽  
Sql Injection ◽  
Stored Procedure ◽  
Injection Attacks ◽  
Unrestricted Access ◽  
Sql Injection Attacks ◽  
Input Validation

SQL injection attacks are a serious security threat to Web applications. They allow attackers to obtain unrestricted access to the databases underlying the applications and to the potentially sensitive information these database contain. Various researchers and practitioners have proposed various methods to address the SQL injection problem. To address this problem, we present an extensive review of the various types of SQL injection attacks known to date. For each type of attack, we provide descriptions and examples of how attacks of that type could be performed. We also present a methodology to prevent SQL injection attacks. It concentrates on the SQL queries and SQL stored procedure where input parameters are injected by the attacker. After a rigorous input validation with our proposed SQL security model will ensure input validation.

scholarly journals SQL Injection and Cross Site Scripting Prevention using OWASP ModSecurity Web Application Firewall

2018 ◽  
Vol 2 (4) ◽  
pp. 286 ◽  
Author(s):  
Robinson ◽  
Memen Akbar ◽  
Muhammad Arif Fadhly Ridha
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Monitoring Network ◽  
Sql Injection ◽  
Web Application Security ◽  
Ip Address ◽  
Application Security ◽  
Rule Set ◽  
Security Rule ◽  
Cross Site

Web Application or website are widely used to provide functionality that allows companies to build and maintain relationships with their customers. The Information stored by web applications is often confidential and, if obtained by malicious attackers. Its exposure could result in substantial losses for both consumers and companies. SQL Injection and Cross Site Scripting are attacks that aiming web application database vulnerabilities. Its can allow malicious attackers to manipulate web server database that can cause various data lost, information thieving, and inconsistent of data. Therefore, this research propose the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set which can help administrator securing the web servers. OWASP operate by blocking IP Address which try to breaking the security rule, monitoring network traffic and preventing suspicious network requesting from outside.

scholarly journals Web Application Penetration Testing Using SQL Injection Attack

2021 ◽  
Vol 5 (3) ◽  
pp. 320
Author(s):  
Alde Alanda ◽  
Deni Satria ◽  
M.Isthofa Ardhana ◽  
Andi Ahmad Dahlan ◽  
Hanriyawan Adnan Mooduto
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Rapid Development ◽  
Security Level ◽  
Sensitive Information ◽  
Sql Injection ◽  
Web Application Security ◽  
Penetration Testing ◽  
Application Security ◽  
Sql Injection Attack

A web application is a very important requirement in the information and digitalization era. With the increasing use of the internet and the growing number of web applications, every web application requires an adequate security level to store information safely and avoid cyber attacks. Web applications go through rapid development phases with short turnaround times, challenging to eliminate vulnerabilities. The vulnerability on the web application can be analyzed using the penetration testing method. This research uses penetration testing with the black-box method to test web application security based on the list of most attacks on the Open Web Application Security Project (OWASP), namely SQL Injection. SQL injection allows attackers to obtain unrestricted access to the databases and potentially collecting sensitive information from databases. This research randomly tested several websites such as government, schools, and other commercial websites with several techniques of SQL injection attack. Testing was carried out on ten websites randomly by looking for gaps to test security using the SQL injection attack. The results of testing conducted 80% of the websites tested have a weakness against SQL injection attacks. Based on this research, SQL injection is still the most prevalent threat for web applications. Further research can explain detailed information about SQL injection with specific techniques and how to prevent this attack.

Why SQL Injection Attacks Are Still Plaguing Databases

2019 ◽  
Vol 3 (2) ◽  
pp. 11-18
Author(s):  
Akvile Kiskis
Keyword(s):  
Web Applications ◽  
Database Security ◽  
Sensitive Information ◽  
Confidential Information ◽  
Sql Injection ◽  
Injection Attacks ◽  
Sql Injection Attacks ◽  
Complete Access ◽  
Sheer Number ◽  
Standing Problem

This article describes how SQL injection has been a long-standing problem in database security. It is understandable why injection is considered number one because of the sheer number of web applications that exist currently. An injection attack can allow an attacker to gain complete access of a database which oftentimes contains sensitive information. This results in a loss of confidential information which places consumers at a huge risk.

scholarly journals Defending Against Modern Threats in Web Applications

2012 ◽  
pp. 43-46
Author(s):  
Mohit Kumar ◽  
Abhishek Gupta ◽  
Azhar Shadab ◽  
Lokesh Kumar ◽  
Vikas Kumar Tiwari
Keyword(s):  
Vulnerability Assessment ◽  
Web Applications ◽  
Sql Injection ◽  
Critical Part ◽  
Treasure Trove ◽  
Major Threat ◽  
Automated Tools ◽  
Cross Site Request Forgery ◽  
Cross Site

Web applications have become critical part of business. They hold a treasure trove of data behind their front ends. Now-adays attackers are well aware of the valuable information accessible through web applications, so website security has become a major problem today. The number of vulnerabilities have multiplied in recent years. Vulnerabilities like cross site scripting(XSS),sql injection and cross site request forgery(CSRF) has emerged as a major threat to web applications. So, in order to protect web applications from these modern threats, at first vulnerability assessment should be carried out from time to time and also some preventive techniques should be followed to prevent these threats. The motivation of this paper is to promote the use of automated tools for vulnerability assessment and to follow preventive techniques in order to make web applications secure.

scholarly journals ImageSubXSS: an image substitute technique to prevent Cross-Site Scripting attacks

2019 ◽  
Vol 9 (2) ◽  
pp. 1393
Author(s):  
PMD Nagarjun ◽  
Shaik Shakeel Ahamad
Keyword(s):  
Web Application ◽  
Web Applications ◽  
Human Life ◽  
Single Line ◽  
Sensitive Information ◽  
Server Side ◽  
Client Side ◽  
Application Execution ◽  
Cross Site

<span lang="EN-US">Cross-Site Scripting (XSS) is one of serious web application attack. Web applications are involved in every activity of human life. JavaScript plays a major role in these web applications. In XSS attacks hacker inject malicious JavaScript into a trusted web application, execution of that malicious script may steal sensitive information from the user. Previous solutions to prevent XSS attacks require a lot of effort to integrate into existing web applications, some solutions works at client-side and some solutions works based on filter list which needs to be updated regularly. In this paper, we propose an Image Substitute technique (ImageSubXSS) to prevent Cross-Site Scripting attacks which works at the server-side. The proposed solution is implemented and evaluated on a number of XSS attacks. With a single line, developers can integrate ImageSubXSS into their applications and the proposed solution is able to prevent XSS attacks effectively.</span>

scholarly journals Addressing Web Application Security Issues and Vulnerabilities Assessment Pen Testing

2020 ◽  
Vol 8 (6) ◽  
pp. 2314-2321
Keyword(s):  
Vulnerability Assessment ◽  
Web Application ◽  
Web Applications ◽  
Sensitive Information ◽  
Security Measures ◽  
Security Issues ◽  
Online Sales ◽  
Application Service ◽  
Cross Site ◽  
The Web

The world relies heavily on the Internet, and every organization uses web applications extensively for information sharing, business purposes such as online sales, money transfer, etc., and Exchange services. Nowadays, providing security for web applications is the greatest challenge in the corporate world because web applications will be the main way for their daily business and if the web application is affected, then daily business and reputation will be affected. As many organizations have been using the web application service to share or store sensitive information about their clients and assets. So, Web Applications are inclined to security attacks and new security vulnerabilities have grown in the last two decades in a web application and have become an important target for attackers. So, it is very vital to secure a web application. The vulnerabilities in web applications will incur due to the security misconfigurations, programming mistakes, improper usage of security measures, etc. So, vulnerability assessment and pen testing will help to figure out the different vulnerabilities present in web applications. The websites are also using to deliver the critical services to its customers so it must run every time without any interception, to do this VAPT will play a crucial role. This paper reviews about vulnerability assessment and pretesting steps and types, website vulnerabilities like SQL Injection, Cross-Site scripting, file inclusion, cross-site request forgery, and broken authentication with types and remediations and also discuss how the effect of these vulnerabilities on a web application.

Sign in / Sign up

Export Citation Format

Share Document