Frontline Techniques to Prevent Web Application Vulnerability

Shashank Khandelwal, Parthiv Shah, Mr. Kaushal Bhavsar, Dr. Savita Gandhi

Abstract


Today web applications are becoming the prime target for cyber-attacks. Web attacks are growing in numbers, with most of organizations in a broad survey reporting that they had recently suffered Web attacks.Last few years have shown a significant increase in the number of web-based attacks. Structured Query Language (SQL) injection, Cross Site Scripting (XSS), Insecure Direct Object Reference, Command Injection, Session manipulation and Parameter or URL Tempering are some of the major attacks which are application layer attacks. This paper demonstrates how attackers are discovered, exploit application-level vulnerabilities in a large number of web applications and present the different techniques to prevent web application attacks. Using this research paper researcher can examine how web application firewall is better technique for preventing web application vulnerability. This approach allows us to secure our web application.


Keywords


SQL Injection, Cross Site Scripting (XSS), Insecure Direct Object Reference, Command Injection, Session manipulation and Parameter or URL Tempering, Web attacks, Firewall, IDS, IPS, Web Application Firewall.

References


Dafydd stuttard, and Marcus Pinto, “The Web Application Hacker’s Handbook: Discovering and Exploiting Security Flaws”, Wiley Publishing, Indana, pp. 237-333, 2008.

Naoto Katsumi, Isao Kaine and Katsutoshi Nakamura, “Web Application firewall”, Information-technology Promotion Agency japan, pp. 9-20, 2011.

Dr. Meshram B.B.,Patil Suchita, Kulkarni Pallavi and Rane Pradnya, “IDS vs IPS”, International Journal of Computer Networks and Wireless Communications (IJCNWC), vol 2 (1), pp. 86-90, 2012.

Asaad Moosa, “Artificial Neural Network based Web Application Firewall for SQL Injection”, World Academy of Science, Engineering and Technology, vol 40, pp. 12-21,2010.

Lieven Desmet, Frank Piessens, Wouter Joosen, and Pierre Verbaeten, “Bridging the Gap between Web Application Firewalls and Web Applications”, DistriNet Research Group, Department of Computer Science Katholieke University Leuven Belgium, 2009.

Fuchsberger Andreas, “Intrusion Detection Systems and Intrusion Prevention Systems”, Information Security Technical Report, vol 10, pp. 134-139, 2005.

The Open Web Application Security Project. “OWASP Top 10 2010”, Available at https://www.owasp.org/index.php/Category:OWASP_Top_Ten_Project (Accessed on 15/02/2013).


Full Text: PDF

Refbacks

  • There are currently no refbacks.




 

Index by:



All Rights Reserved © 2012 IJARCSEE


Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 Unported License.