DocumentCode
1996986
Title
Multi-Layered Defense against Web Application Attacks
Author
Razzaq, Abdul ; Hur, Ali ; Haider, Nasir ; Ahmad, Farooq
Author_Institution
Sch. of Electr. Eng. & Comput. Sci., NUST
fYear
2009
fDate
27-29 April 2009
Firstpage
492
Lastpage
497
Abstract
Web application security is the most pressing issue in today's e-business environment. Web application attacks can wreak havoc on a system in very little time. More than 80% of attacks target the application layer, and almost 90% of applications are vulnerable to them. Traditional solutions such as Web scanners, firewalls, intrusion detection systems (IDS) and Web proxies are ineffective at mitigating application-level attacks. We introduce a novel approach of multiple layered defenses against application-level attacks that offers higher detection ability with a low false positive rate. The system is capable of efficiently detecting known and unknown application-level attacks, especially XSS and SQL injection. Our system also helps developers find application vulnerabilities early by visually inspecting the validation performed, using a validation flow graph. Overall, our approach efficiently locates and detects vulnerabilities with the help of a control flow graph, which avoids a time-consuming sequential search.
Keywords
Internet; authorisation; electronic commerce; SQL injection; Web application attacks; Web application security; Web proxies; Web scanners; XSS; application level attacks; control flow graph; e-business environment; firewall; intrusion detection system; multi-layered defense; sequential search; Application software; Computer security; Control systems; Databases; Flow graphs; Information security; Information technology; Intrusion detection; Service oriented architecture; Web server; CFG; Pi Calculus;
fLanguage
English
Publisher
ieee
Conference_Titel
Information Technology: New Generations, 2009. ITNG '09. Sixth International Conference on
Conference_Location
Las Vegas, NV
Print_ISBN
978-1-4244-3770-2
Electronic_ISBN
978-0-7695-3596-8
Type
conf
DOI
10.1109/ITNG.2009.77
Filename
5070667