Browsing by Author "Sadalkar, K."
Model based hybrid approach to prevent SQL injection attacks in PHP (2011)
Sadalkar, K.; Mohandas, R.; Pais, A.R.
SQL Injection vulnerability is ranked 1st in the OWASP top 10 vulnerability list and has resulted in massive attacks on a number of websites in the past few years. In spite of preventive measures like educating developers about safe coding practices, statistics show that these vulnerabilities are still dominating the top. Various static and dynamic approaches have been proposed to mitigate this vulnerability. In this paper, we present a hybrid approach to prevent SQL injection attacks in PHP, a popular server side scripting language. This technique is more effective to prevent SQL injection attack in a dynamic web content environment without use of complex string analyzer logic. Initially, we construct a Query model for each hotspot by running the application in safe mode. In the production environment, dynamically generated queries are validated with it. The results and analysis show the proposed approach is simple and effective to prevent common SQL injection vulnerabilities. © 2011 Springer-Verlag.

Towards evaluating resilience of SIP server under low rate DoS attack (2011)
Kumar, A.; Santhi Thilagam, P.S.; Pais, A.R.; Sharma, V.; Sadalkar, K.
Low rate Denial-of-Service, DoS, attack recently emerged as the greatest threat to enterprise VoIP systems. Such attacks are difficult to detect and capable of discovering vulnerabilities in protocols with low rate traffic and it noticeably affects the performance of Session Initiation Protocol, SIP, communication. In this paper, we deeply analyze the resilience of SIP server against certain low rate DoS attacks. For this purpose we define performance metrics of SIP server under attack and non-attack scenarios. The performance degradation under attacks gives a measure of resilience of the SIP server. In order to generate normal SIP traffic and the attacks, we defined our own XML scenarios and implemented them using a popular open source tool known as SIPp. The system under evaluation was an open source SIP server. © 2011 Springer-Verlag.
