Faculty Publications
Permanent URI for this community: https://idr.nitk.ac.in/handle/123456789/18736
Publications by NITK Faculty
2 results
Search Results
Cross Channel Scripting (XCS) Attacks in Web Applications: Detection and Mitigation Approaches
(Institute of Electrical and Electronics Engineers Inc., 2019) Madhusudhan, R.; Shashidhara

XCS (Cross Channel Scripting) is a dangerous web application vulnerability in which injection of the malicious code and attack execution are performed through network protocols. This vulnerability is a more sophisticated variant of XSS (Cross-Site Scripting). We disclose a range of XCS attacks on embedded servers, which make use of electronic devices such as photo frames, cameras, wireless routers and wireless access points. All these devices have web interfaces, which permit an admin to perform various tasks on the device by connecting from a web browser to the web server. An attack is carried out by inserting malevolent code in the device, which is executed in the context of a legitimate user when he/she opens the page containing the injected malicious code. This malevolent code can be inserted in the device through non-web channels like SNMP (Simple Network Management Protocol), FTP (File Transfer Protocol) or NFS (Network File System). Unfortunately, the injected malicious code can fully compromise the security of devices, which are embedded in web servers. In this paper, a comprehensive analysis of the XCS exploitation and mitigation techniques has been presented. © 2018 IEEE.

Prevention of SQL Injection Attacks Using Cryptography and Pattern Matching
(Springer Science and Business Media Deutschland GmbH, 2022) Madhusudhan, R.; Ahsan, M.

The internet is rapidly expanding, allowing easy access to information; thus attackers develop different methodologies to access it, and hence the security related to it becomes a priority for all. SQL injection attack (SQLIA) has consistently posed a serious threat since its existence. SQLIA is a web security vulnerability through which attackers can give specifically designed input to steal or manipulate sensitive information by interacting with the database. The objective of the research is to provide a defensive mechanism to protect a particular web application against such attacks. The paper acknowledges some existing models and gives special attention to models based on encryption and pattern matching techniques. Encryption-based models have proven themselves to be very effective against SQLIA by preventing attackers from authentication access. But such a model will undermine the integrity of the tables if used in places other than the authentication form. Thus, we employ an additional layer of security based on pattern matching techniques. Our idea differs in that it compares a temporary structure generated from the user's query with all defined benign structures created from the benign queries that are usually expected by the web application. The proposed model uses the Blowfish algorithm in the authentication form, which upon simulation prevents all kinds of SQLIA from authentication access, and upon the implementation of the Knuth-Morris-Pratt pattern matching technique, the model will ensure the prevention of any new and existing kind of SQLIA. The model is under development and is believed to provide a robust environment for preventing all kinds of SQLI attacks with overall reduced complexity. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.
