Intelligent techniques for securing web applications from SQL injections and XSS attacks

Abstract

In this thesis, an architectural framework for an web application security system that secures web applications intelligently from Cross Site Scripting (XSS) attacks and Structured Query Language (SQL) injection attacks has been proposed and implemented. This system provides intelligent techniques for effective detection and prevention of stored XSS attacks and reflected XSS attacks in the browser and server side of web applications. For this purpose, new techniques have been proposed for intelligent query classification that helps to classify queries into normal and malicious queries. In this thesis, an architectural framework for an web application security system that secures web applications intelligently from Cross Site Scripting (XSS) attacks and Structured Query Language (SQL) injection attacks has been proposed and implemented. This system provides intelligent techniques for effective detection and prevention of stored XSS attacks and reflected XSS attacks in the browser and server side of web applications. For this purpose, new techniques have been proposed for intelligent query classification that helps to classify queries into normal and malicious queries. Finally, this thesis provides a web based anomaly intrusion detection technique that uses fuzzy rules to detect and prevent the anomalies in web applications. For this purpose, this system uses a new Role Based Access Control (RBAC) policy which is enforced using intelligent rules by an access control manager. This role based access control technique provides options to the user for executing the prevention techniques based on the anomaly score level received from the fuzzy rules. Moreover, this newly proposed technique is capable of making effective decisions by using probability values in order to reduce the SQL injections attacks and anomalies on web applications. newline newline newline