DocumentCode :
2096068
Title :
A Survey on Web Application Vulnerabilities (SQLIA, XSS) Exploitation and Security Engine for SQL Injection
Author :
Johari, Rahul ; Sharma, Pankaj
Author_Institution :
USIT, GGSIP Univ., Delhi, India
fYear :
2012
fDate :
11-13 May 2012
Firstpage :
453
Lastpage :
458
Abstract :
Today almost all organizations have improved their performance by allowing more information exchange within their organization as well as between their distributors, suppliers, and customers using web support. Databases are central to modern websites, as they provide necessary data as well as store critical information such as user credentials, financial and payment information, company statistics, etc. These websites have been continuously targeted by highly motivated malicious users to acquire monetary gain. Structured Query Language (SQL) injection and Cross Site Scripting (XSS) attacks are perhaps among the most common application layer attack techniques used by attackers to deface the website, manipulate or delete the content through inputting unwanted command strings. Structured Query Language Injection Attack (SQLIA) is ranked 1st in the Open Web Application Security Project (OWASP) [1] top 10 vulnerability list and has resulted in massive attacks on a number of websites in the past few years. In this paper, we present a detailed review of various types of Structured Query Language Injection attacks, Cross Site Scripting attacks, vulnerabilities, and prevention techniques. Besides presenting our findings from the survey, we also propose future expectations and possible development of countermeasures against Structured Query Language Injection attacks.
Keywords :
SQL; Web sites; security of data; software performance evaluation; OWASP; SQL injection; SQLIA exploitation; Web application vulnerabilities; Web sites; Web support; XSS exploitation; application layer attack technique; attack prevention techniques; content deletion; content manipulation; cross site scripting attack; information exchange; malicious users; monetary gain; open Web application security project; performance improvement; security engine; structured query language injection attacks; Analytical models; Browsers; Databases; Encryption; Peer to peer computing; Runtime; Servers; Authentication Bypass; Database Mapping etc; Dynamic Analysis; Input Validation; SQL Injection Attack; Static Analysis; Unauthorized Access; Web Vulnerabilities;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Communication Systems and Network Technologies (CSNT), 2012 International Conference on
Conference_Location :
Rajkot
Print_ISBN :
978-1-4673-1538-8
Type :
conf
DOI :
10.1109/CSNT.2012.104
Filename :
6200667