DE-PRE Tool for Detection and Prevention from Input Validation Attacks on Website

2017 ◽ Vol 2 (5) ◽ pp. 23-27
Author(s): Prathamesh P. Churi ◽ Kamal Mistry

In most cases, when a web application or a website is fully developed it is released over the internet, and if it is not provided with proper security it is susceptible to input validation attacks, specifically SQLIA, XSS and buffer overflow. A website can be hacked within hours of its release on the internet. It is at this point that the development team realizes it needs to consider security issues and to backtrack and repair. Applying security at this stage is a costly, time-consuming process which would also include some software overhead. To avoid this and to prevent input validation attacks on websites, we plan to impart security in the software development cycle itself, so that the website is protected prior to its release, considering its vulnerabilities and the behaviour of the attacks, and will not later be under threat from the specific input validation attacks. To implement this, we are designing a useful utility tool that imparts security in the software development cycle of any website that requires protection.

2014 ◽ Vol 513-517 ◽ pp. 1701-1704
Author(s): Shu Xin Xu ◽ Jun Zhang Chen

With the rapid development of network technology and the emergence of a variety of applications, network security issues became the top priority of network applications. This article first explains the concept of buffer overflow, and then, from the perspective of the flaws and lack of robustness of the programming language itself, analyzes in detail the emergence and principle of buffer overflow attacks, describes the general process by which hackers use buffer overflow attacks, and, according to the type of buffer overflow attack, proposes buffer overflow attack prevention strategies from two aspects: software development and program execution.


Author(s): Priyanka Dixit

This chapter describes how security is an important aspect in today's digital world. Every day technology grows with new advancements in various areas, especially in the development of web-based applications. Almost all web applications are on the internet, hence there is a large probability of attacks on those applications and threats. This makes security necessary while developing any web application. Lots of techniques have been developed for mitigating and defending against threats to web-based applications over the internet. This chapter overviews the important region of web application security, by sequencing the current strategies into a major picture to further future research and advancement. Firstly, this chapter explains the major problems and obstacles that make efforts to develop secure web applications unsuccessful. Next, this chapter distinguishes three basic security properties that a web application should possess: validation, integrity, accuracy, and portrays the comparing vulnerabilities that damage these properties alongside the assault vectors that contain these vulnerabilities.


Author(s): M. Kishore ◽ B. Srinivas ◽ Jayadev Gyani

The Internet has become a part of our daily life. Almost every service on the internet is provided with the help of web applications, so we can say that without web applications we cannot do anything over the internet, but at the same time web applications are mostly targeted by hackers. In this paper we present an efficient intrusion detection system approach for detecting input validation attacks against web applications. Web application attacks give the attacker a chance to get unrestricted access to databases and web servers. We propose a two-step approach to detect input validation attacks against web applications. By using our approach we can prevent input validation attacks against web applications very efficiently. In the first step we use a honeypot system to find whether any malicious data is present. In the second step we use an efficient intrusion mechanism to identify the attacks that were not identified in the first step. Here we use an efficient Hirschberg algorithm, which is a divide-and-conquer approach, to find attacks against web applications. This system analyzes malicious code and immediately generates an alert to protect web applications from the attacker. By using this technique we can reduce the analysis time and false positive rate.


2022 ◽ Vol 54 (7) ◽ pp. 1-34
Author(s): Sophie Dramé-Maigné ◽ Maryline Laurent ◽ Laurent Castillo ◽ Hervé Ganem

The Internet of Things is taking hold in our everyday life. Regrettably, the security of IoT devices is often being overlooked. Among the vast array of security issues plaguing the emerging IoT, we decide to focus on access control, as privacy, trust, and other security properties cannot be achieved without controlled access. This article classifies IoT access control solutions from the literature according to their architecture (e.g., centralized, hierarchical, federated, distributed) and examines the suitability of each one for access control purposes. Our analysis concludes that important properties such as auditability and revocation are missing from many proposals while hierarchical and federated architectures are neglected by the community. Finally, we provide an architecture-based taxonomy and future research directions: a focus on hybrid architectures, usability, flexibility, privacy, and revocation schemes in serverless authorization.


2021 ◽ Vol 17 (1) ◽ pp. 260-264
Author(s): Alexandru VULPE ◽ Raluca ANDREI ◽ Alexandru BRUMARU ◽ Octavian FRATU

Abstract: With the development of mobile devices and the advent of smartphones, the Internet has become part of everyday life. Any category of information about weather, flight schedules, etc. is just a click away from the keyboard. This availability of data has led to a continuous increase in connectivity between devices, from any corner of the world. Combining device connectivity with systems automation allows the collection of information, its analysis and implicitly decision-making on the basis of information. The introduction and continued expansion of devices that communicate in networks (including the Internet) have made security issues very important for devices as well as for users. One of the main methodologies that ensures data confidentiality is encryption, which protects data from unauthorized access, but at the cost of using extensive mathematical models. Due to the nature of IoT devices, the resources allocated to a device can be constrained by certain factors, some of which are related to costs and others to the physical limitations of the device. Ensuring the confidentiality of data requires the use of encryption algorithms for these interconnected devices, which provide protection while maintaining the operation of that device. The need for these types of algorithms has created conditions for the growth and development of the concept of lightweight encryption, which aims to find encryption systems that can be implemented on these categories of devices, with limited hardware and software requirements. The paper proposes a lightweight cryptographic algorithm implemented on a microcontroller system, comparing its performance with that of the already existing system (based on x86).


2012 ◽ Vol 263-266 ◽ pp. 1961-1968
Author(s): Yong Chao Song ◽ Bu Dan Wu ◽ Jun Liang Chen

According to the features of JBPM workflow system development, the target code to be generated is determined by analyzing the process of JBPM workflow development and the architecture of J2EE. The code generation tool generates code by parsing the static form source code and loading the code generation template. The code generation tool greatly shortens the JBPM workflow system development cycle and reduces the cost of software development, and it has good practicality and scalability.


2017 ◽ Vol 7 (1.5) ◽ pp. 253
Author(s): N. Srinivasu ◽ O. Sree Priyanka ◽ M. Prudhvi ◽ G. Meghana

Cloud security is provided for services such as storage, network, applications and software through the internet. Security is given at each layer (SaaS, PaaS, and IaaS), and in each layer there are some security threats which have become the major problem in cloud computing. In SaaS, the security issues are mainly present in web application services, and this issue can be overcome by web application scanners and service level agreements (SLA). In PaaS, the major problem is data transmission. During transmission of data, some data may be lost or modified. The PaaS environment accomplishes proficiency to some extent through duplication of information. The duplication of information makes information highly accessible for engineers and clients. However, data is never fully deleted; instead, the pointers to the data are deleted. In order to overcome this problem, the techniques that are used are encryption [12] and data backup. In IaaS the security threat that occurs is in virtualization, and the techniques that are used to overcome the threats are Dynamic Security Provisioning (DSC) and operational security procedures, for which cloud software is available in the market, e.g. Eucalyptus, Nimbus 6.


2016 ◽ Vol 78 (8)
Author(s): Mohd Shahrul Nizam Mohd Danuri ◽ Mohd Sazili Shahibi ◽ Rohizah Abd Rahman

This paper introduces the process of developing a web application for a farm management information system (FMIS) for smallholder farmers in Malaysia by using the rapid application development (RAD) prototyping methodology in information system research design. FMIS is an important ICT solution to assist smallholder farmers to be more competitive in agriculture. The web application requirements were determined through an extraction process using physical data-driven design from Malaysia Good Agriculture Practise (MyGAP) physical forms. Additionally, the functions and features of the system were determined through several questionnaires which were distributed to 209 smallholder farmers located in Taman Kekal Pengeluaran Makanan (TKPM) in Selangor. The Selangor agricultural area and its smallholder farmers were chosen as respondents because Selangor is the state with the highest internet penetration in Malaysia. Subsequently, the design and analysis of FMIS were constructed by us, including the database design, data flow design, system flow design and software development, which were validated by two other experienced system analysts. The software development process used a PHP web development tool called Scriptcase version 8 and took less than 2 months to complete. Furthermore, we also made a comparative study of an existing system available in the market to give additional competitive value to the new development of FMIS in Malaysia. The final developed FMIS is accessible through the official MyAgris website.


2020 ◽ Vol 83 ◽ pp. 01063
Author(s): Štefan Slávik

A start-up is a modern form of entrepreneurship designed to realize original business ideas, mostly based on new technologies and the Internet. It evolves in the development cycle, which is determined by the business idea development cycle and the financing cycle. The purpose of the paper is to describe and analyse the business idea. The business idea is characterized by its content, circumstances of its origin, degree of originality and evidence of this originality. Start-ups are dominated by business ideas based on the application of information and communication technologies; the business idea is most often created by combining professional and business experience, but its originality is, from the international point of view, only average, and the level of legal protection is quite rare.

