
Journal of Environmental Science, Computer Science and Engineering & Technology

An International Peer Review E-3 Journal of Sciences and Technology

Available online at www.jecet.org Section B: Computer Science

Research Article

JECET; March 2015-May 2015; Sec. B; Vol.4.No.2, 178-182 178

Preventing Vulnerable Attacks in Web Applications

Dharani.M.K, Sangeetha.S

Avinashilingam Institute of Home Science and Higher Education for Women, Coimbatore, Tamil Nadu, India.

Received: 9 March 2015; Revised: 31 March 2015; Accepted: 04 April 2015

Abstract: Web services have become a necessity in everyday applications, and many techniques have been proposed to protect personal details from anonymous parties. In this paper a digital clock widget is embedded in web pages with the aim of protecting them from attacks such as SQL injection, XPath injection, denial of service (DoS) and distributed denial of service (DDoS) in web applications written in ASP, PHP and HTML.

The widget is built from JSON objects so that it can be embedded easily within the page source, which gives it scalability and modularity. It is a stand-alone application that can be placed in third-party web sites where the individual has the access rights.

Key words: SQL - Structured Query Language, HTML - Hypertext Markup Language, ASP - Active Server Pages, JSON - JavaScript Object Notation.

INTRODUCTION

SQL and XPath injection are attacks in which malicious code is inserted into input strings that are then passed to the server for parsing and execution. Because the server executes every syntactically valid query it receives, any string that is built from user input must be checked for injection before it reaches the query engine; data that is concatenated into a query rather than bound as a parameter can be manipulated by a skilled and determined attacker. The attack is carried out through the user input: it works by prematurely terminating a text string and appending a new string or value. After the additional text has been appended, the attacker terminates the injected string with the comment marker "--", so that the remainder of the original query is ignored at execution time.

DoS attacks are carried out to exhaust the target machine's resources so that it can no longer provide its intended service and can no longer communicate adequately. They are considered violations of the Internet Architecture Board's Internet proper use policy and of the acceptable use policies of virtually all Internet service providers.
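The string-termination and "--" comment trick described above, as an added example that is not part of the paper: a login check that concatenates user input into a SQL string is compared with the same check using bound parameters. The users table, its rows and the injected value are constructed for the demonstration; Python's built-in sqlite3 module stands in for the site's database.

```python
# Added example (not from the paper): string-built vs parameterised SQL
# queries in Python's sqlite3, showing the premature string termination and
# "--" comment trick. The users table and passwords are constructed.
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build an in-memory users table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("admin", "s3cret"), ("alice", "hunter2")],
    )
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Concatenates user input into the query: the attacker can close the
    string early, append OR '1'='1' and comment out the rest with '--'."""
    query = (
        "SELECT name FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(query)]


def login_parameterised(conn: sqlite3.Connection, name: str, password: str) -> list:
    """Binds the input as parameters: the quote and '--' are data, not syntax."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (name, password))]


# Injected value: the leading quote terminates the name string early,
# OR '1'='1' makes the WHERE clause always true, and -- comments out
# the password comparison that follows.
INJECTION = "' OR '1'='1' --"

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, INJECTION, "wrong"))     # every user row
    print(login_parameterised(db, INJECTION, "wrong"))  # no rows
    print(login_parameterised(db, "alice", "hunter2"))  # only alice
```

With the injected value the concatenated query becomes `SELECT name FROM users WHERE name = '' OR '1'='1' --' AND password = 'wrong'`, which returns every user; the parameterised version looks for a user literally named `' OR '1'='1' --` and returns nothing.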

Digital Clock Widget: A digital clock widget displays the current time on a web page. It can be embedded easily in PHP, HTML and ASP.NET sites, and it has typically been used for design purposes.

The widget is hosted on a main web site; anyone who wants to use it calls it from that site with an HTML <iframe src=""></iframe> tag, which works across sites, so the widget shows the current time to every visitor of the embedding page. A user who wants to place the clock widget on a page calls it through the <iframe> tag and can resize it by modifying the width and height. Earlier the widget served a design purpose only; here it is used to provide protection from malicious attacks such as SQL injection, XPath injection, phishing, denial of service (DoS), distributed denial of service (DDoS) and cross-site scripting (XSS) in HTML, ASP and PHP pages. Because the clock is loaded from the widget host rather than copied into the page, the embedding site exposes only the <iframe> tag and not the widget's source code (the code is still served to anyone who requests the widget URL directly).

Widgets were previously built as Flash objects stored in .swf files; today they are written in JavaScript and JSON (JavaScript Object Notation), and the widget's source code is likewise not part of the embedding page. A digital clock widget is a stand-alone application that can be embedded into third-party sites where the user has the access rights. Clock widgets let users turn personal content into dynamic web apps that can be shared on any web site where the code can be installed.

Figure 5.1: Widget clock

Avoidance of SQL and XPath Injection: Web applications are used to communicate with clients and to store distributed database information. To keep malicious code out of the application, strict text typing is enabled: each input string is checked against a predefined set of permitted characters, and a request containing any other character is rejected. Special characters such as quotes are escaped before the string reaches the query; in PHP this is done with addslashes() (stripslashes() performs the reverse operation and removes the escaping again, so it must not be mistaken for a defence). Escaping on its own is fragile, so prepared statements with bound parameters remain the reliable defence for SQL.

With this check in place, malicious input cannot reach the administration page; when an injection attempt is detected, the request is redirected back to the same page.
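The strict text typing check described above, as an added example that is not the paper's code: every form field is matched against an allowlist of predefined characters, a request with any bad field is sent back to the same page, and, because XPath has no parameter binding, a user value is turned into a proper XPath string literal (split with concat() when it contains both quote kinds) before it is placed in a query. The field names and character sets are assumptions for the demonstration.

```python
# Added example (not the paper's code): allowlist ("strict text typing")
# validation of form fields plus safe construction of XPath string literals.
# Field names and permitted character sets are assumptions for the demo.
import re

# Predefined characters permitted per field (assumed for the demo).
ALLOWED = {
    "username": re.compile(r"[A-Za-z0-9_.-]{1,32}"),
    "email": re.compile(r"[A-Za-z0-9_.+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
}


def is_strictly_typed(field: str, value: str) -> bool:
    """True only if every character of value is allowed for that field."""
    pattern = ALLOWED.get(field)
    return bool(pattern and pattern.fullmatch(value))


def check_request(form: dict) -> dict:
    """Validate every field; one bad field rejects the whole request.
    Returns the action the page handler should take."""
    bad = [f for f, v in form.items() if not is_strictly_typed(f, v)]
    if bad:
        return {"action": "redirect", "to": "same_page", "rejected": bad}
    return {"action": "proceed", "rejected": []}


def xpath_literal(value: str) -> str:
    """Encode a value as an XPath 1.0 string literal. XPath has no escape
    sequence for quotes, so a value holding both ' and " is assembled with
    concat(), where each piece contains only one kind of quote."""
    if "'" not in value:
        return "'" + value + "'"
    if '"' not in value:
        return '"' + value + '"'
    parts = value.split("'")
    return "concat(" + ", \"'\", ".join("'" + p + "'" for p in parts) + ")"


def user_lookup_xpath(username: str) -> str:
    """Build the lookup expression with the value as a literal, not syntax."""
    return "//user[name=" + xpath_literal(username) + "]"


if __name__ == "__main__":
    print(check_request({"username": "' OR '1'='1", "email": "a@example.org"}))
    print(user_lookup_xpath("admin' or '1'='1"))
```

The allowlist rejects the injection attempt before any query is built; the literal builder is the fallback for fields whose allowlist legitimately includes quotes, since an XPath engine cannot bind parameters the way a SQL driver can.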

Figure 6.1: Using malicious code in string

Figure 6.2: Redirecting to same page

Protection from Social Engineering Attacks: Phishing is not a new concept, but it is increasingly used by attackers to steal user information and commit business crime through web applications.

Phishing is an attack carried out through e-mail to steal specific information from an organisation. The mails carry malicious code or links intended to bring down the organisation's server and extract its information. To avoid compromise through phishing, the LinkGuard algorithm is used: it inspects the links in incoming mail, and the false mails are sent directly to the spam folder. Its reported accuracy is up to 98%.
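A simplified LinkGuard-style check, added here as an example and not taken from the paper: the anchors in an HTML mail body are collected, and each one is judged by the published LinkGuard rules of comparing the visible link text with the real href host, flagging dotted-decimal IP hosts, decoding URL-encoded hosts before checking, and consulting a blacklist. The sample mail body and the blacklist are constructed; a real deployment would also apply LinkGuard's whitelist and pattern-matching steps, which are omitted.

```python
# Added example (not the paper's code): simplified LinkGuard rules applied to
# the anchors of an HTML mail. SAMPLE_MAIL and BLACKLIST are constructed.
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import unquote, urlsplit

BLACKLIST = {"login-verify.example.net"}  # constructed blacklist

# Visible text counts as "DNS information" only if it looks like a host/URL.
HOSTLIKE = re.compile(r"^(?:https?://)?([A-Za-z0-9.-]+\.[A-Za-z]{2,})(?:[/:?#]\S*)?$")


class AnchorCollector(HTMLParser):
    """Collects (href, visible text) pairs from <a> tags."""

    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href", ""), []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def actual_host(href: str) -> str:
    """Host of the real link, after decoding %xx escapes (LinkGuard rule 3)."""
    return (urlsplit(unquote(href.strip())).hostname or "").lower()


def shown_host(text: str) -> str:
    """Host named in the visible text, or '' if the text is not host-like."""
    m = HOSTLIKE.match(text.strip())
    return m.group(1).lower() if m else ""


def is_ip(host: str) -> bool:
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def classify_link(href: str, visible: str) -> str:
    """'phishing' or 'ok' for one anchor, following the LinkGuard rules."""
    actual, shown = actual_host(href), shown_host(visible)
    if actual in BLACKLIST:
        return "phishing"  # rule 4: blacklisted destination
    if is_ip(actual):
        return "phishing"  # rule 2: dotted-decimal host instead of a DNS name
    if shown and actual and shown != actual:
        return "phishing"  # rule 1: visible DNS name differs from the real one
    return "ok"


def classify_mail(html: str) -> list:
    """[(href, visible text, verdict)] for every anchor in the mail body."""
    p = AnchorCollector()
    p.feed(html)
    return [(href, shown, classify_link(href, shown)) for href, shown in p.links]


def is_phishing(html: str) -> bool:
    """True if any link in the mail is judged phishing (route mail to spam)."""
    return any(v == "phishing" for _, _, v in classify_mail(html))


SAMPLE_MAIL = """
<p>Dear customer, please confirm your account details:</p>
<a href="http://%31%39%32.0.2.10/login">www.bank.example</a>
<a href="http://login-verify.example.net/">Click here</a>
<a href="http://www.bank.example.attacker.test/">www.bank.example</a>
<a href="http://www.bank.example/help">www.bank.example/help</a>
"""

if __name__ == "__main__":
    for href, shown, verdict in classify_mail(SAMPLE_MAIL):
        print(verdict, shown, "->", href)
```

The first link hides an IP address behind percent-encoding, the second points at a blacklisted host, the third shows the bank's name but resolves to an attacker-controlled subdomain, and only the last one passes.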

Figure 7.1: Malicious mails in spam

Figure 7.2: Infected mail

.htaccess File - Defence from DDoS Attacks: A denial of service is mainly carried out by sending frequent requests to the server until it collapses, after which information packets can be stolen easily. It can be taken further by executing malware, teardrop attacks and application-level floods.

This type of attack can be countered with the .htaccess file. It is a directory-level configuration file placed inside the web tree that overrides the server configuration for its directory and sub-directories. The .htaccess file is mainly used to override the content type, character set, CGI handler and similar settings. It is a simple ASCII file and can be created in a text editor. The file is named simply .htaccess (that is the whole file name, not an extension attached to some other name). In a distributed attack, the attacker controls a host known as the DDoS master, which locates a number of other systems that can themselves be compromised and exploited; the attacker scans large ranges of IP network address blocks to find systems running services known to have security vulnerabilities.
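The request-flood detection and the resulting .htaccess deny list, as an added example that is not the paper's code: Apache combined-format access-log lines are parsed, any address that sends more than a threshold of requests inside a sliding time window is flagged, and an Apache 2.4 `Require` block suitable for a .htaccess file is generated for the flagged addresses. The log lines, threshold and window are constructed assumptions, the lines are assumed to be in chronological order, and the directives only take effect where the server's `AllowOverride` permits .htaccess files.

```python
# Added example (not the paper's code): flag flooding clients from Apache
# access-log lines and emit the .htaccess block that denies them.
# SAMPLE_LOG, the limit and the window are constructed assumptions.
import re
from collections import defaultdict, deque
from datetime import datetime

# "client ident user [timestamp] ..." from the common/combined log format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "')
TIME_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line: str):
    """(client ip, timestamp) for a well-formed line, None otherwise."""
    m = LOG_RE.match(line)
    if not m:
        return None
    return m.group(1), datetime.strptime(m.group(2), TIME_FMT)


def flooding_ips(lines, limit: int = 5, window: int = 10) -> set:
    """Addresses that made more than `limit` requests within any `window`
    seconds. Lines are assumed to be in chronological order."""
    recent = defaultdict(deque)  # ip -> timestamps inside the current window
    flagged = set()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # skip malformed lines rather than crash on them
        ip, ts = parsed
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() > window:
            q.popleft()  # drop requests that fell out of the window
        if len(q) > limit:
            flagged.add(ip)
    return flagged


def htaccess_block(ips) -> str:
    """Apache 2.4 directives for .htaccess: everyone allowed except flooders."""
    out = ["<RequireAll>", "    Require all granted"]
    out += ["    Require not ip " + ip for ip in sorted(ips)]
    out.append("</RequireAll>")
    return "\n".join(out) + "\n"


# Constructed sample: one client fires 8 requests in 8 seconds, another
# client makes 3 requests spread over a minute.
SAMPLE_LOG = [
    f'203.0.113.5 - - [10/Mar/2015:12:00:0{i} +0530] "GET /index.php HTTP/1.1" 200 512'
    for i in range(8)
] + [
    '198.51.100.7 - - [10/Mar/2015:12:00:01 +0530] "GET / HTTP/1.1" 200 512',
    '198.51.100.7 - - [10/Mar/2015:12:00:30 +0530] "GET /clock.js HTTP/1.1" 200 900',
    '198.51.100.7 - - [10/Mar/2015:12:01:05 +0530] "GET /about.php HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    print(htaccess_block(flooding_ips(SAMPLE_LOG)))
```

Running the block prints a `<RequireAll>` section that grants access to all clients and then excludes 203.0.113.5; appending it to the site's .htaccess blocks that client at the web server before any PHP or ASP code runs. A permanent deny list is a blunt tool, so in practice the flagged addresses would be expired again after a cooling-off period.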

Figure 8.1: Dos attack on website.

Figure 8.2: Redirecting to .htaccess file

CONCLUSION

The associative classification of the digital clock in the web site model showed the significance of the site's criteria, namely SQL injection, XPath injection, denial of service (DoS), distributed denial of service (DDoS) and social engineering, with only trivial influence of other criteria such as page style and content and the social human factor on the final hacking rate; this can help in building a secure web site detection system. The experiments showed that the digital clock widget is highly competitive in terms of prediction accuracy and efficiency.


Corresponding Author: Dharani.M.K

Avinashilingam Institute of Home Science and Higher Education for Women, Coimbatore, Tamil Nadu, India.
