Research Article Open Access

HUNTING PERNICIOUS ATTACKS IN WEB APPLICATIONS WITH XPROBER

R. Suguna1, T. Kujani1, N. Suganya1 and C. Krishnaveni1
  • 1 Department of CSE, SKR Engineering College, Chennai, India

Abstract

Nowadays internet is loaded with tons of innovative web applications. This instantaneous growth has paved way for a number of security exposures. Cross Site Scripting attacks (XSS), SQL Injection (SQLI) and Malicious File Execution (MFE) are the foremost web related vulnerabilities reported by Open Web Application Security Project (OWASP). The attackers take advantage of the vulnerabilities in the code of the web applications and engage in activities such as data breach, cookies stealing and password theft which results in severe consequences. The major cause for these glitches is that the scripts allow the user input without scanning for pernicious contents. Several security measures on server-side also available, but they are not applied in large scale, because of the deployment difficulty. On the Client-side, usage of security software worsens the client system’s performance which in turn reduces the web surfing experience of the user. A new tool called XProber has been presented for verifying the string manipulating programs automatically. The pre and post conditions of common string functions using Push Down Automata (PDA) are computed and used to identify the presence of vulnerabilities. This approach is capable of finding hefty amount of pernicious attacks in web application and prevents the attacks.

American Journal of Applied Sciences
Volume 11 No. 7, 2014, 1164-1171

DOI: https://doi.org/10.3844/ajassp.2014.1164.1171

Submitted On: 27 February 2014 Published On: 2 May 2014

How to Cite: Suguna, R., Kujani, T., Suganya, N. & Krishnaveni, C. (2014). HUNTING PERNICIOUS ATTACKS IN WEB APPLICATIONS WITH XPROBER. American Journal of Applied Sciences, 11(7), 1164-1171. https://doi.org/10.3844/ajassp.2014.1164.1171

  • 3,210 Views
  • 3,081 Downloads
  • 0 Citations

Download

Keywords

  • XSS
  • SQLI
  • MFE
  • PDA
  • XProber