Web Security: A prototype Tool for Detecting Web Application Vulnerability

H M Andan, G. Aravind, Tripty Singh

Abstract



In today's fast-growing software industry, a cluster of platforms has been developed for user convenience. Because of the variety of platforms, making an application compatible with every device and platform has become crucial, so developers started using web applications, which are compatible with all platforms. Hence the web has become a major platform for developers. With the increase in web application development, attackers have taken an interest in exploiting these applications. This paper presents a methodology and a prototype tool to evaluate web application vulnerabilities (XSS and SQLi). The methodology is based on the idea of injecting realistic vulnerabilities into a web application and automating the mechanism that attacks the application. To support the assessment of existing security mechanisms, a tool is developed to detect such vulnerabilities. The validation process includes the evaluation of false positives in SQL injection and XSS attacks. The analyzed results represent an efficient way to evaluate such vulnerabilities and to point out their flaws, which provides ways for their improvement.


