Efficient Security Enhancement Analysis for Cross-site Scripting and Code Injection Attacks for Web Security

Authors

  • Ajay Kumar Phulre Assistant Professor, Department of Computer Science and Engineering, Parul University, Vadodara, Gujarat, India
  • Rahul Sharma Assistant Professor, Department of Computer Science and Engineering, Parul University, Vadodara, Gujarat, India
  • Sunny Thakre Assistant Professor, Department of Computer Science and Engineering, Parul University, Vadodara, Gujarat, India
  • Shreyas Pagre Assistant Professor, Department Computer Science and Engineering, Parul University, Chameli Devi Group of Institutions, Indore, Madhya Pradesh, India

Keywords:

SQL code Injection, Cross-site scripting, Cyber Security

Abstract

SQL code injection and XSSs cross-site scripting are two new fields of computer security flaws introduced by web applications that have surpassed buffer overflows as the most common class of flaws in recent years in both new vulnerability reports and exploit reports. Both SQL injection and XSS are examples of a larger group of vulnerabilities that rely on input validation. Studying the cross-site scripting and SQL server injection vulnerabilities is the main goal of this research, which also proposes a user-centric architecture for secure data transmission. Analysis of a model that provides a framework for symmetric and asymmetric encryption, which is far more dependable than the conventional ways of encryption, is the focus of this study.

References

Soewito B, Gunawan FE. Prevention structured query language injection using regular regular expression and escape string. Procedia Comput Sci. 2018; 135: 678–687. https://doi.org/10.1016/j.procs.2018.08.218.

Mcwhirter PR, Kifayat K, Shi Q, Askwith B. SQL injection attack classification through the feature extraction of SQL query strings using a gap-weighted string subsequence kernel. J Inform Sec Appl. 2018; 40: 199–216. https:// doi.org/10.1016/j.jisa.2018.04.001

Piyush AS, Mhetre AN. A novel approach for detection of SQL injection and cross site scripting attacks. International Conference on Pervasive Computing (ICPC). 2015; 1–4.

Temeiza Q, Temeiza M, Itmazi J. A novel method for preventing SQL injection using SHA-1 algorithm and syntax- awareness. Sudanese J Comput Geoinform. 2017; 1(1): 16–26.

Stockley M. (2017 Feb 3). Critical WordPress update fixes zero-day flaw unnoticed. [Online]. Available /2017/02/03/critical_wordpress_update- fixes_zero-day-flaw_unnoticed/.

Ajay Kumar Phulre, Megha Kamble. Study and Analysis of Web Content Security Through Content Management Systems. Int J Emerg Technol Adv Eng. 2019 Oct; 9(10): 99–103. Website: www.ijetae.com (ISSN 2250-2459, ISO 9001:2008 Certified Journal.

Buja G, Abdul TF, Kamarularifin BAJ, Fakariah MA, Abdul-Rahman TF. Detection model for SQL injection attack: an approach for preventing a web application from the SQL injection attack. Symposium on Computer Applications and Industrial Electronics. 2014; 60–64.

Swati Yadav, Ajay Phulre. A Literature Review on Big Data Reduction Methods. Int J Electr Electron Comput Eng. 2017; 6(1): 92–99. ISSN No. (Online): 2277-2626

Chandranshu Dalvi, Ajay Phulre. Evaluating Opinion Strength Using Rule-Based and Fuzzy Measure Approach. Int J Comput Sci Netw (IJCSN). 2015 Oct; 4(5): 810–816.

Ghafarian A. A hybrid method for detection and prevention of SQL injection attacks. In2017 Computing Conference 2017 Jul 18 (pp. 833-838). IEEE.

Ajay Kumar Phulre, et al. Content Management Systems hacking probabilities for Admin Access with Google Dorking and database code injection for web content security. 2nd International Conference on Data, Engineering and Applications Electronic. 2020; 1–5.

Pramod A, Ghosh A, Mohan A, Shrivastava M, Shettar R. SQLI detection system for a safer web application. International Advance Computing Conference (IACC). 2015; 237–240.

Shahgholi N, Mohsenzadeh M, et al. A new SOA security framework defending web services against WSDL attacks. IEEE International Conference on Privacy, Security, Risk and Trust. 2011; 1259–1262.

Takase T, Tajima K. Efficient web services message exchange by SOAP bundling framework. Proceedings IEEE International Enterprise Distributed Object Computing Workshop, EDOC. 2007; 63–72.

Prabakar MA, KarthiKeyan M, Marimuthu K. An efficient technique for preventing SQL injection attack using pattern matching algorithm. In2013 IEEE international conference on emerging trends in computing, communication and nanotechnology (ICECCN) 2013 Mar 25 (pp. 503–506). IEEE.

Phulre AK, Pagare S, Chakrawati A. Automated framework for web content security through content managemenet system. 2022 10th International Conference on Emerging Trends in Engineering and Technology - Signal and Information Processing (ICETET-SIP-22). 2022; 1–4.

Gilani S, et al. A Navigational Evaluation Model for Content Management Systems. Nucleus. 2016; 53(2): 82–88.

Jan Pascal. (2010 Mar 2). Advantages of Joomla Content Management System. [Online]. Available: http://ezinearticles.com/?Advantagesof-Joomla-Content-Management-System&id=3854563

Martinez-Caro Jose-Manuel, Antonio-Jose Aledo-Hernandez, Antonio Guillen-Perez. A Comparative Study of Web Content Management Systems. MDPI, Information. 2018; 9(2): 27.

Shahgholi N, Mohsenzadeh M, Seyyedi MA, Qorani SH. A new SOA security framework defending web services against WSDL attacks. Proceedings, 2011 IEEE International Conference on Privacy, Security, Risk and Trust and IEEE International Conference on Social Computing, PASSAT/SocialCom 2011. 2011; 1259–1262.

Siddavatam I, Jayant Gadge. Comprehensive test mechanism to detect attack on web services. Proceedings of the 2008 16th International Conference on Networks (ICON’2008). 2008; 1–6.

Downloads

Published

2023-03-13

Issue

Vol. 10 No. 1 (2023): Recent Trends in Programming Languages

Section

Review Article