Conference Papers

Permanent URI for this collectionhttps://idr.nitk.ac.in/handle/123456789/28506

Browse

Subject: search.filters.subject.Injection vulnerability

Search Results

Now showing 1 - 2 of 2
  • No Thumbnail Available
    Item
    Detection and prevention of SQL injection attacks using semantic equivalence
    (2011) Narayanan, S.N.; Pais, A.R.; Mohandas, R.
    SQL injection vulnerability is a kind of injection vulnerability in which the database server is forced to execute some illicit operations by crafting specific inputs to the web server. Even though this vulnerability has had it's presence for several years now, most of its popular mitigation techniques are based on safe coding practices, which are neither applicable to the existing applications, nor are application independent. Here we propose a new application logic independent solution to prevent SQL injection attacks which can be applicable to any dynamic web technology. The new solution detects SQL injection by considering the semantic variance between the queries generated by the query function with safe inputs and injection inputs. We have implemented the complete solution in ASP.NET with C# web applications using a custom written tool, SIAP, which patches the SQL Injection vulnerabilities in an existing web application by instrumenting the binaries. © Springer-Verlag 2011.
  • No Thumbnail Available
    Item
    Mitigation of cross-site scripting attacks in mobile cloud environments
    (Springer Verlag service@springer.de, 2019) Madhusudhan, R.; Shashidhara
    Cross-Site Scripting (XSS) is one of the dangerous and topmost web attacks as stated by recent surveys. XSS vulnerability arises, when an application deployed in a cloud, accept information from uncertain origin without an input validation, allowing the execution of dynamic content. XSS vulnerabilities may cause serious security violations in web and mobile cloud-based applications. In general, Cross-Site Scripting bugs are very easy to accomplish, but hard to discover and mitigate, because of the flexibility of encoding schemes like HTML encoding, which offers the adversary numerous chances to bypass the filters that should block dangerous content from being inserted into relied websites. In order to mitigate XSS vulnerability of a web application in the mobile cloud, a novel approach is presented, which successfully identifies the JavaScript-driven XSS attacks. In addition, we focus on, initiating a client-side Cross-Site Scripting attack discovery and mitigation technique known as Secure XSS layer based on the placement of sanitizers in the inserted malicious code. © Springer Nature Singapore Pte Ltd. 2019.