Prevention of code injection vulnerabilities in web applications through web services

Abstract

Providing secure service in a web environment is of growing concern and a real challenge in web application security Security remains a major challenge to the entire web especially since the recent sharp increase in remotely exploitable vulnerabilities have been attributed to web application bugs Most of the threats are created through application level vulnerabilities which have been exploited with serious consequences Among the various types of application level vulnerabilities code injection vulnerabilities are widely prevalent Code Injection is a type of exploitation caused by newlineprocessing malicious data input The common code injection vulnerabilities are SQL injection XPath injection Cross site scripting XSS attack and Session hijacking To prevent code injection vulnerabilities a novel mechanism called Web Applications Secure System from Code Injection Vulnerabilities through Web Services is proposed and designed The WAPS CIVS system has four major preventer components such as the SQL injection preventer XPath injection preventer Cross site script attack preventer and session hijacking preventer The SQL injection preventer system of WAPS CIVS contributes to the identification of the invalid SQL statements with vulnerable user input Whenever the user provides the inputs to the web application these inputs are the core part to form the SQL query which will be crafted at application logic and later will run at the data logic to provide the necessary data support newline newline