DocumentCode :
1996986
Title :
Multi-Layered Defense against Web Application Attacks
Author :
Razzaq, Abdul ; Hur, Ali ; Haider, Nasir ; Ahmad, Farooq
Author_Institution :
Sch. of Electr. Eng. & Comput. Sci., NUST
fYear :
2009
fDate :
27-29 April 2009
Firstpage :
492
Lastpage :
497
Abstract :
Web application security is the hottest issue in the present scenario of the e-business environment. Web application attacks can play havoc with the system within no time. More than 80% of attacks are at the application layer and almost 90% of applications are vulnerable to these attacks. Traditional solutions in the form of Web scanners, firewalls, intrusion detection systems (IDS) or Web proxies are ineffective in mitigating application level attacks. We have introduced a novel approach of multiple layered defenses against application level attacks which possess higher detection ability with a low false positive rate. The system is capable of detecting known and unknown application level attacks, especially XSS and SQL injection, in an efficient way. Our system is also helpful for developers to find application vulnerabilities well in time by visually observing the proper validation through a validation flow graph. Overall, our system approach is efficient at locating and detecting the vulnerability with the help of a control flow graph, which avoids time-consuming sequential search.
Keywords :
Internet; authorisation; electronic commerce; SQL injection; Web application attacks; Web application security; Web proxies; Web scanners; XSS; application level attacks; control flow graph; e-business environment; firewall; intrusion detection system; multi-layered defense; sequential search; Application software; Computer security; Control systems; Databases; Flow graphs; Information security; Information technology; Intrusion detection; Service oriented architecture; Web server; CFG; Pi Calculus;
fLanguage :
English
Publisher :
IEEE
Conference_Titel :
Information Technology: New Generations, 2009. ITNG '09. Sixth International Conference on
Conference_Location :
Las Vegas, NV
Print_ISBN :
978-1-4244-3770-2
Electronic_ISBN :
978-0-7695-3596-8
Type :
conf
DOI :
10.1109/ITNG.2009.77
Filename :
5070667