Author: Saba Khan
Date of Publication: 7th February 2017
Abstract: A web application is generally understood as a client-server software application in which the client uses a user interface running inside a web browser. Web applications today provide a universal way to access information over the internet. Since the use of web applications is increasing, they have become a popular target for security attacks. Security vulnerabilities in web applications may result in the theft of confidential data, the loss of data integrity, or the degradation of web application availability. Thus, the task of securing web applications is not only important but also requires immediate attention. Some well-known web application vulnerabilities are SQL Injection, Buffer Overflow, and Cross Site Scripting. In order to overcome these vulnerabilities, the problem must first be detected before it can be prevented. In this paper, the different types of attack to which web applications are vulnerable are discussed. Furthermore, several techniques for the detection of web application related attacks are presented.