Please use this identifier to cite or link to this item: http://hdl.handle.net/10603/112493
Title: ALGORITHMS FOR IMPLEMENTING STRATEGIES TO DETECT AND MITIGATE WEB APPLICATION VULNERABILITIES
Researcher: S. FOUZUL HIDHAYA
Guide(s): Dr. ANGELINA GEETHA
University: B S Abdur Rahman University
Completed Date: 02/09/2016
Abstract: The Internet, one of the wonders of modern science, has impacted the lifestyle of people, regardless of age, education and standard of living. The relation between customers and business has assumed newer dimensions and approached new horizons because of Internet-based applications, also called Web Applications. However, there are also problems that tag along, mainly the security issues related to Web Applications, which need to be addressed first. Attacks on Web applications can target applications used on desktop devices or on handheld devices. In desktop-based Web applications, data are stored, processed or retrieved in accordance with the client input to the Web application. If this client input is infected, then the whole Web application system would be compromised. This compromise is caused by the Structured Query Language (SQL) Injection attack and the Cross Site Scripting (XSS) attack, which are called Input validation attacks. Studies have proved that insufficient validation of the client input is the major reason for these attacks. To detect and mitigate these attacks, a novel server-side approach using a data cleansing algorithm has been proposed and implemented in this work. This system uses a reverse proxy that interprets the input from the user, extracts the user query, and sanitizes it before sending the processed input to the server. To test the system, four applications from the test bed www.gotocode.com have been used. The inputs to these applications were the SQL injection commands from the cheat sheet developed by Halfond et al. for their work AMNESIA. The accuracy of the system amounted to 100% with a minimal trade-off of a 3.49% increase in response time.
In recent years, Web Applications have migrated from the client-server architecture to Smartphone systems. Web Applications have been tailored for use in Smartphones. The security issues in the Smartphone scenario could be caused through two ports, the permissions and the WebView.
URI: http://hdl.handle.net/10603/112493
Appears in Departments: Department of Computer Science and Engineering

Files in This Item:
File | Description | Size | Format
10. chapter-3.pdf | Attached File | 40.16 kB | Adobe PDF
11. chapter-4.pdf | | 164.95 kB | Adobe PDF
12. chapter-5.pdf | | 100.83 kB | Adobe PDF
13. chapter-6.pdf | | 79 kB | Adobe PDF
14. chapter-7.pdf | | 315.06 kB | Adobe PDF
15. chapter-8.pdf | | 12.35 kB | Adobe PDF
16.references.pdf | | 56.85 kB | Adobe PDF
17. list of publication.pdf | | 6.81 kB | Adobe PDF
18. appendix.pdf | | 115.96 kB | Adobe PDF
19. biography.pdf | | 22.08 kB | Adobe PDF
1. title page.pdf | | 9.04 kB | Adobe PDF
4. bonafide_certificate.pdf | | 154.14 kB | Adobe PDF
6. table of content.pdf | | 19.11 kB | Adobe PDF
7. abstract.pdf | | 9.31 kB | Adobe PDF
8. chapter-1.pdf | | 81.96 kB | Adobe PDF
9. chapter-2.pdf | | 68.21 kB | Adobe PDF


Items in Shodhganga are licensed under Creative Commons Licence Attribution-NonCommercial-ShareAlike 4.0 International (CC BY-NC-SA 4.0).
