XSS and SQL Injection Detection and Prevention Techniques (A Review)

Authors

  • Bhanwarlal, PG Scholar, Department of Computer Science and Engineering, Shekhawati Institute of Engineering and Technology, Sikar, Rajasthan, India
  • Irfan Khan, Assistant Professor, Department of Computer Science and Engineering, Shekhawati Institute of Engineering and Technology, Sikar, Rajasthan, India

DOI:

https://doi.org/10.32628/CSEIT22816

Keywords:

SQLIA, SQL queries, XSS, Cross Site Scripting, web application, ASP.NET, Security, Internet, Server.

Abstract

In modern times every human being relies on the internet for needs ranging from the scant to the hefty, as the internet offers users a vast amount of information, so its availability to users is indispensable. The major objectives of security are availability, integrity and confidentiality. Cross Site Scripting (XSS) and SQL Injection Attack (SQLIA) are generic and critical security issues for web application and database security. In general, web applications that are not well validated and verified are highly prone and vulnerable to attackers. Users store their valuable, integral and confidential data in web sites to support their market stability and their self as well as social enrichment, and the creative and dynamic XSS and SQLIA methods and techniques put that data at risk. Many tools and techniques addressing XSS and SQL Injection issues are covered in the references, but we present and use pattern matching techniques in SQL statements to implement SQLIA and XSS detection in web applications. At the outset a pattern matching algorithm is used, and it gives a better solution for the implementation of SQLIA and XSS attack detection and prevention.
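As an added illustration (not code from the paper), the following Python shows what a pattern-matching detector for SQLIA and XSS input looks like, run over constructed sample inputs, and places it beside the two mitigations such a detector complements: a parameterised SQL query and HTML output encoding. The signature names, the sample inputs and the `users` table are assumptions made for this example.

```python
import html
import re
import sqlite3

# Heuristic signatures for the two attack classes the review discusses (constructed for
# this example). Pattern matching is a detection aid: it catches common input shapes but
# can be evaded and can misfire on legitimate data, so it complements the hardening below.
SIGNATURES = {
    "sqli_tautology": re.compile(r"'\s*(or|and)\b", re.I),          # quote followed by OR/AND
    "sqli_comment": re.compile(r"(--|/\*)"),                         # comment cutting off the rest
    "sqli_stacked": re.compile(r";\s*(drop|delete|insert|update|alter)\b", re.I),
    "sqli_union": re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I),
    "xss_script_tag": re.compile(r"<\s*script\b", re.I),
    "xss_javascript_uri": re.compile(r"\bjavascript\s*:", re.I),
    "xss_event_handler": re.compile(r"\bon[a-z]+\s*=", re.I),       # inline handler attribute
}


def classify(value: str) -> list[str]:
    """Return the names of every signature that fires on one untrusted input."""
    return [name for name, pat in SIGNATURES.items() if pat.search(value)]


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table standing in for the web application's user store."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT)")
    conn.executemany("INSERT INTO users (name) VALUES (?)", [("alice",), ("O'Brien",)])
    return conn


def lookup_user(conn: sqlite3.Connection, username: str) -> list[tuple]:
    """Parameterised query: the value travels separately from the SQL text, so a
    tautology inside `username` is compared as a literal string, never parsed as SQL."""
    return conn.execute("SELECT id, name FROM users WHERE name = ?", (username,)).fetchall()


def render_comment(text: str) -> str:
    """Output encoding for the HTML body context: markup in `text` is displayed, not executed."""
    return "<p>" + html.escape(text) + "</p>"


if __name__ == "__main__":
    for sample in ["alice", "O'Brien", "' OR 1=1 --", "<img src=x onerror=alert(1)>"]:
        print(f"{sample!r:40} -> {classify(sample) or 'clean'}")
    print(lookup_user(demo_db(), "' OR 1=1 --"))   # [] : no user is literally named that
    print(render_comment("<script>x</script>"))
```

Note that `rock 'and' roll` also trips the tautology signature, which is the false-positive cost of matching on input shape rather than on how the query is built.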

References

  1. G. Buehrer, B.W. Weide, and P.A.G. Sivilotti. "Using parse tree validation to prevent SQL injection attacks". In Proceedings of the 5th International Workshop on Software Engineering and Middleware.
  2. CGIsecurity. The cross-site scripting (XSS) FAQ. http://www.cgisecurity.com/xss-faq.html.
  3. S. Crites, F. Hsu, and H. Chen. "OMash: Enabling secure web mashups via object abstractions". In Proceedings of the International Conference on Computer and Communications Security (CCS), 2008.
  4. Xinshu Dong, Kailas Patil, Xuhui Liu, Jian Mao, and Zhenkai Liang. "An extensible security framework in web browsers". Technical Report TR-SEC-2012-01, Systems Security Group, School of Computing, National University of Singapore, 2012.
  5. Xinshu Dong, Kailas Patil, Jian Mao, and Zhenkai Liang. "A comprehensive client-side behavior model for diagnosing attacks in Ajax applications". In Proceedings of the 18th International Conference on Engineering of Complex Computer Systems (ICECCS).
  6. Dennis Fisher. Persistent XSS bug on Twitter exploited by worm. http://threatpost.com/en us/blogs/persistent-xssbug-twitter-being-exploited-092110
  7. W.G.J. Halfond and A. Orso. "AMNESIA: analysis and monitoring for neutralizing SQL-injection attacks". In Proceedings of the 20th IEEE/ACM International Conference on Automated Software Engineering.
  8. W.G.J. Halfond and A. Orso. "Combining static analysis and runtime monitoring to counter SQL-injection attacks". In Proceedings of the Third International Workshop on Dynamic Analysis.
  9. W.G.J. Halfond, A. Orso, and P. Manolios. "Using positive tainting and syntax-aware evaluation to counter SQL-injection attacks". In Proceedings of the 14th ACM SIGSOFT International Symposium on Foundations of Software Engineering.
  10. Yichen Xie and Alex Aiken. "Static detection of security vulnerabilities in scripting languages". In Proceedings of the USENIX Security Symposium.
  11. Collin Jackson, Andrew Bortz, Dan Boneh, and John C. Mitchell. "Protecting browser state from web privacy attacks". In Proceedings of the International Conference on World Wide Web (WWW).
  12. Patil Kailas, Dong Xinshu, Li Xiaolei, Liang Zhenkai, and Jiang Xuxian. "Towards fine-grained access control in JavaScript contexts". In Proceedings of the International Conference on Distributed Computing Systems.
  13. Ziqing Mao, Ninghui Li, and Ian Molloy. "Defeating cross-site request forgery attacks with browser-enforced authenticity protection". In Financial Cryptography and Data Security, 13th International Conference.
  14. Leo A. Meyerovich and Benjamin Livshits. "ConScript: Specifying and enforcing fine-grained security policies for JavaScript in the browser". In Proceedings of the IEEE Symposium on Security and Privacy (IEEE S&P).
  15. Mozilla. Same origin policy for JavaScript. https://developer.mozilla.org/En/Same_origin_policy_for _javascript.
  16. The clickjacking meets XSS: a state of art. http://www.milw0rm.com/papers/265.
  17. Anh Nguyen-Tuong, Salvatore Guarnieri, Doug Greene, Jeff Shirley, and David Evans. "Automatically hardening web applications using precise tainting". In Proceedings of the 20th IFIP International Information Security Conference.
  18. National Institute of Standards and Technology. National Vulnerability Database (NVD). http://web.nvd.nist.gov/view/vuln/search
  19. Kailas Patil. Ensuring session integrity in the browser environment. http://scholarbank.nus.edu.sg/bitstream/handle/10635/49161/ThesisHT080141L.pdf?sequence=1.
  20. Kailas Patil, Tanvi Vyas, Fredrik Braun, and Mark Goodwin. "UserCSP: user specified content security policies". SOUPS '13 poster.

Published

2022-02-28

Section

Research Articles

How to Cite

[1]
Bhanwarlal, Irfan Khan, "XSS and SQL Injection Detection and Prevention Techniques (A Review)", International Journal of Scientific Research in Computer Science, Engineering and Information Technology (IJSRCSEIT), ISSN: 2456-3307, Volume 8, Issue 1, pp. 53-60, January-February 2022. Available at doi: https://doi.org/10.32628/CSEIT22816