Browsing by Author "Narayanan, S.N."
Item: Detection and prevention of SQL injection attacks using semantic equivalence (2011)
Narayanan, S.N.; Pais, A.R.; Mohandas, R.
SQL injection vulnerability is a kind of injection vulnerability in which the database server is forced to execute some illicit operations by crafting specific inputs to the web server. Even though this vulnerability has had its presence for several years now, most of its popular mitigation techniques are based on safe coding practices, which are neither applicable to the existing applications, nor are application independent. Here we propose a new application logic independent solution to prevent SQL injection attacks which can be applicable to any dynamic web technology. The new solution detects SQL injection by considering the semantic variance between the queries generated by the query function with safe inputs and injection inputs. We have implemented the complete solution in ASP.NET with C# web applications using a custom-written tool, SIAP, which patches the SQL injection vulnerabilities in an existing web application by instrumenting the binaries. © Springer-Verlag 2011.

Item: Testing resilience of router against denial of service attacks (2011)
Karande, V.M.; Narayanan, S.N.; Pais, A.R.; Balakrishnan, N.
Provisioning data security and integrity in an IP network requires a detailed understanding of both the architecture and the performance of devices that are used within the network. A router interconnects two or more computer networks, and it becomes the most common target for attackers to carry out denial of service attacks. Thus it is necessary to study the effect of resource exhaustion attacks on a router with respect to its performance and security. In this paper, the proposed framework provides an effective method to evaluate router performance and its resilience against denial of service attacks. The feasibility of the framework has been demonstrated by carrying out different resource exhaustion attacks on the device under test (DUT), i.e. the router, and the resilience against the attacks is measured using a defined set of performance metrics. © 2011 Springer-Verlag.
