Keywords: Input Validation, Pattern matching, Sanitization, SQL injection attacks, Type learning, XSS Attacks.

Article Content:-

Abstract

In the last twenty years, web applications have grown from simple, static pages to complex, full-fledged dynamic applications. Simple web applications today may accept and process hundreds of different HTTP parameters in order to provide users with interactive services. Unfortunately, web applications are also frequently targeted by attackers, and critical front-end and back-end vulnerabilities are still common. Much effort has been made over the past few years to reduce these vulnerabilities. Current techniques focused on sanitization are not able to prevent new forms of input validation vulnerabilities such as HTTP parameter pollution, and they add runtime overhead. In this paper, a technique for preventing these front-end and back-end vulnerabilities is developed, based on automated data type detection of input parameters. This novel technique is referred to as IPAAS, which automatically and transparently augments.

Mounika B |IJMCR www.ijmcr.in| 1:2 March|2013|61-68 || 68

How to Cite
B, M., & Chaitanya, A. K. (2013). Survey on Preventing Input Validation Vulnerabilities in Web Applications through Automated Type Analysis. International Journal Of Mathematics And Computer Research, 1(02), 61-68. Retrieved from http://ijmcr.in/index.php/ijmcr/article/view/202