INTERNATIONAL JOURNAL FOR TRENDS IN ENGINEERING & TECHNOLOGY
VOLUME 3 ISSUE 1 – JANUARY 2015 - ISSN: 2349-9303
Routine Detection Of Web Application Defence Flaws

Vidhya V., Arunai Engineering College, CSE, vidhyaa.av@gmail.com
Logash Prabu M., Tagore Institute Of Engineering and Technology, CSE, logashprabu@gmail.com
Kalvina L. R., Arunai Engineering College, Department of CSE, kalvinacse@gmail.com
Abstract— The detection of security vulnerabilities in ASP.NET websites and web applications is a complex process: most of the code was written by somebody else, and there is no documentation from which the purpose of the source code can be determined. Defects in source code are the origin of the major web application vulnerabilities, and the typical software faults behind those vulnerabilities differ across programming languages. To analyse its ability to prevent security vulnerabilities we consider ASP.NET, part of the .NET framework, which separates the HTML markup from the programming code into two files: the aspx file and a second file for the programming code. That code depends on the compiled language used (Visual Basic VB, C sharp C#, JavaScript). Visual Basic and C# are the languages most commonly used with ASP.NET files, and these two compiled languages, together with the aspx files, are what our proposed algorithm handles. An attacker can inject malicious input or script that destroys the database or steals website files. The fault detection process is carried out by a scanning tool: the scan inspects the three types of files (aspx, VB and C#) and identifies the software faults. In the fault recovery process, the prepared replacement statement technique detects the vulnerabilities and recovers from them with high efficiency; it provides a suggestion for each one, and a report is generated that helps improve the overall security of the system.

Index Terms— SQL Injection; XSS Cross Site Scripting; Prepared Replacement Statement algorithm; Symbolic implementation algorithm.

1 INTRODUCTION

Organizations are increasingly becoming dependent on the Internet for sharing and accessing information. The Internet has shifted the focus of application development from stand-alone applications to distributed Web applications. Web applications are programs that can be executed either on a web server or in a web browser. They make it possible to share and access information over the Internet and to operate intranets. Web applications can support online commercial transactions, popularly known as e-commerce. Security vulnerabilities in web applications may result in theft of confidential data, loss of data integrity, or loss of web application availability. Securing web applications is therefore one of the most important tasks: according to an Acunetix survey, 60% of the vulnerabilities found affect web applications. The most common way of securing web applications is searching for and eliminating vulnerabilities, and the most effective way of finding security vulnerabilities in web applications is manual code review. The security community actively develops automated approaches to finding security vulnerabilities. These approaches can be divided into two broad categories: black-box and white-box testing. The first approach is based on analysing the web application from the user side, assuming that the source code of the application is not available: various malicious patterns (implementing, for example, SQL injection or cross-site scripting attacks) are submitted through the web application forms and the output is analysed. If any application errors are observed, a possible vulnerability is assumed. This approach guarantees neither the accuracy nor the completeness of the results obtained. The second approach is based on analysing the web application from the server side, with the assumption that the source code of the application is available.

Among the web application security risks listed by the Open Web Application Security Project, the critical ones are Structured Query Language injection and client-side scripting. SQL injection attacks exploit unrestricted input fields in the web application interface to alter the SQL query that is sent to the back-end database. In an XSS vulnerability, the attacker tries to inject unintended client-side script code, typically in markup language and JavaScript, into the web content. SQLi and XSS enable attackers to access information they are not permitted to (read, insert, modify, or delete), escalate to privileged accounts, impersonate other users (such as the administrator), spoof web applications, deface web content, view and manage remote files on the server, inject and execute server-side programs, and build botnets controlled by the attacker. Attacks that inject SQL code through variables that supposedly should not be strings (e.g., numbers, dates) are possible when the type of a variable is determined by the value assigned to it. In strongly typed languages this is impossible, because the type of a variable is decided before runtime, and an attempt to store a string in a variable of another type raises an error. This does not prevent vulnerabilities in strongly typed languages; it only confines them to string variables. Among strongly typed languages, which have fewer security issues, Java is intrinsically a protected, strongly typed language, yet vulnerabilities are found in Java programs owing to implementation faults. Input injection attacks may serve a number of ends. They are chosen by malicious users as a way to obtain restricted data from a back-end database or to place malicious code on a web server that will in turn serve up malware to unsuspecting clients. Those clients may find their credentials or private information exfiltrated as a result.
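As an added illustration of the scanning and prepared-replacement idea described above (example code written for this edit, not the authors' tool or any part of the paper), the following Python scanner walks a few constructed .cs, .vb and .aspx snippets, flags SQL text built by concatenating a user-controlled expression into a string literal, flags unencoded `<%= %>` output of request data in a page, and records the parameterized or encoded replacement it would suggest in the report. The file names, the snippets, the regular expressions and the `@pN` parameter naming are all assumptions; the suggested fixes use the standard ADO.NET `SqlCommand.Parameters.AddWithValue` and `Server.HtmlEncode` calls.

```python
"""Minimal static scanner for string-built SQL and unencoded output in ASP.NET
sources (.aspx, .cs, .vb). Hypothetical illustration, not the paper's tool."""
import re
from dataclasses import dataclass

# Constructed sample sources (not from the paper): each file mixes one unsafe
# pattern with one safe pattern so the scanner has something to leave alone.
SAMPLE_FILES = {
    "Login.aspx.cs": '''
string q = "SELECT * FROM Users WHERE Name='" + txtUser.Text + "'";
SqlCommand cmd = new SqlCommand(q, conn);
string safe = "SELECT * FROM Users WHERE Name=@name";
SqlCommand cmd2 = new SqlCommand(safe, conn);
''',
    "Search.aspx.vb": '''
Dim q As String = "SELECT * FROM Items WHERE Id=" & Request.QueryString("id")
Dim cmd As New SqlCommand(q, conn)
''',
    "Profile.aspx": '''
<p>Welcome <%= Request.QueryString("name") %></p>
<p>Safe <%= Server.HtmlEncode(Request.QueryString("name")) %></p>
''',
}

# A string literal containing a SQL verb, concatenated (C# "+" or VB "&") with a
# non-literal expression such as txtUser.Text or Request.QueryString("id").
SQL_CONCAT = re.compile(
    r'"[^"]*\b(?:SELECT|INSERT|UPDATE|DELETE)\b[^"]*"\s*[+&]\s*'
    r'(?P<expr>[A-Za-z_][\w.]*(?:\([^)]*\))?)'
)
# Inline output expression in an .aspx page: <%= ... %>
ASPX_OUTPUT = re.compile(r'<%=\s*(?P<expr>.+?)\s*%>')
# Output that is already passed through an HTML encoder is not reported.
HTML_ENCODED = re.compile(r'^(?:Server|HttpUtility)\.HtmlEncode\(')


@dataclass
class Finding:
    file: str
    line: int
    kind: str        # "SQLi" or "XSS"
    expr: str        # the user-controlled expression that reaches the sink
    suggestion: str  # the prepared replacement the report proposes


def scan_source(name: str, text: str) -> list[Finding]:
    """Scan one file's text; the extension decides which sinks are checked."""
    findings = []
    ext = name.rsplit(".", 1)[-1].lower()
    for no, line in enumerate(text.splitlines(), start=1):
        if ext in ("cs", "vb", "aspx"):
            for i, m in enumerate(SQL_CONCAT.finditer(line)):
                expr = m.group("expr")
                param = f"@p{i}"  # assumed naming scheme for the bound parameter
                findings.append(Finding(name, no, "SQLi", expr,
                    f"replace the concatenated {expr} with {param} in the SQL text "
                    f'and bind it: cmd.Parameters.AddWithValue("{param}", {expr})'))
        if ext == "aspx":
            for m in ASPX_OUTPUT.finditer(line):
                expr = m.group("expr")
                if "Request" in expr and not HTML_ENCODED.match(expr):
                    findings.append(Finding(name, no, "XSS", expr,
                        f"encode before output: <%= Server.HtmlEncode({expr}) %>"))
    return findings


def scan_files(files: dict[str, str]) -> list[Finding]:
    """Scan every file in the mapping and return all findings in file order."""
    out = []
    for name, text in files.items():
        out.extend(scan_source(name, text))
    return out


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per vulnerability class for the report header."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_files(SAMPLE_FILES)
    print("summary:", summarize(results))
    for f in results:
        print(f"{f.file}:{f.line} [{f.kind}] {f.expr}\n    fix: {f.suggestion}")
```

The regexes are deliberately line-local, so a query assembled across several statements or through a StringBuilder would be missed; a real scanner of this kind needs the data-flow tracking the paper's symbolic implementation step alludes to, but the single-line case already shows how detection and the replacement suggestion fit together.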
IJTET©2015