期刊文献+
共找到10篇文章
< 1 >
每页显示 20 50 100
An Improved LSTM-PCA Ensemble Classifier for SQL Injection and XSS Attack Detection 被引量:1
1
作者 Deris Stiawan Ali Bardadi +7 位作者 Nurul Afifah Lisa Melinda Ahmad Heryanto Tri Wanda Septian Mohd Yazid Idris Imam Much Ibnu Subroto Lukman Rahmat Budiarto 《Computer Systems Science & Engineering》 SCIE EI 2023年第8期1759-1774,共16页
The Repository Mahasiswa(RAMA)is a national repository of research reports in the form of final assignments,student projects,theses,dissertations,and research reports of lecturers or researchers that have not yet been... The Repository Mahasiswa(RAMA)is a national repository of research reports in the form of final assignments,student projects,theses,dissertations,and research reports of lecturers or researchers that have not yet been published in journals,conferences,or integrated books from the scientific repository of universities and research institutes in Indonesia.The increasing popularity of the RAMA Repository leads to security issues,including the two most widespread,vulnerable attacks i.e.,Structured Query Language(SQL)injection and cross-site scripting(XSS)attacks.An attacker gaining access to data and performing unauthorized data modifications is extremely dangerous.This paper aims to provide an attack detection system for securing the repository portal from the abovementioned attacks.The proposed system combines a Long Short–Term Memory and Principal Component Analysis(LSTM-PCA)model as a classifier.This model can effectively solve the vanishing gradient problem caused by excessive positive samples.The experiment results show that the proposed system achieves an accuracy of 96.85%using an 80%:20%ratio of training data and testing data.The rationale for this best achievement is that the LSTM’s Forget Gate works very well as the PCA supplies only selected features that are significantly relevant to the attacks’patterns.The Forget Gate in LSTM is responsible for deciding which information should be kept for computing the cell state and which one is not relevant and can be discarded.In addition,the LSTM’s Input Gate assists in finding out crucial information and stores specific relevant data in the memory. 展开更多
关键词 LSTM PCA ensemble classifier sql injection XSS
下载PDF
SQL Injection Defense Mechanisms for IIS+ASP+MSSQL Web Applications
2
作者 Wu Beihua 《China Communications》 SCIE CSCD 2010年第6期145-147,共3页
With the sharp increase of hacking attacks over the last couple of years, web application security has become a key concern. SQL injection is one of the most common types of web hacking and has been widely written and... With the sharp increase of hacking attacks over the last couple of years, web application security has become a key concern. SQL injection is one of the most common types of web hacking and has been widely written and used in the wild. This paper analyzes the principle of SQL injection attacks on Web sites, presents methods available to prevent IIS + ASP + MSSQL web applications from these kinds of attacks, including secure coding within the web application, proper database configuration, deployment of IIS. The result is verified by WVS report. 展开更多
关键词 sql injection web sites security CYBERCRIME
下载PDF
Injections Attacks Efficient and Secure Techniques Based on Bidirectional Long Short Time Memory Model 被引量:1
3
作者 Abdulgbar A.R.Farea Gehad Abdullah Amran +4 位作者 Ebraheem Farea Amerah Alabrah Ahmed A.Abdulraheem Muhammad Mursil Mohammed A.A.Al-qaness 《Computers, Materials & Continua》 SCIE EI 2023年第9期3605-3622,共18页
E-commerce,online ticketing,online banking,and other web-based applications that handle sensitive data,such as passwords,payment information,and financial information,are widely used.Various web developers may have va... E-commerce,online ticketing,online banking,and other web-based applications that handle sensitive data,such as passwords,payment information,and financial information,are widely used.Various web developers may have varying levels of understanding when it comes to securing an online application.Structured Query language SQL injection and cross-site scripting are the two vulnerabilities defined by the OpenWeb Application Security Project(OWASP)for its 2017 Top Ten List Cross Site Scripting(XSS).An attacker can exploit these two flaws and launch malicious web-based actions as a result of these flaws.Many published articles focused on these attacks’binary classification.This article described a novel deep-learning approach for detecting SQL injection and XSS attacks.The datasets for SQL injection and XSS payloads are combined into a single dataset.The dataset is labeledmanually into three labels,each representing a kind of attack.This work implements some pre-processing algorithms,including Porter stemming,one-hot encoding,and the word-embedding method to convert a word’s text into a vector.Our model used bidirectional long short-term memory(BiLSTM)to extract features automatically,train,and test the payload dataset.The payloads were classified into three types by BiLSTM:XSS,SQL injection attacks,and normal.The outcomes demonstrated excellent performance in classifying payloads into XSS attacks,injection attacks,and non-malicious payloads.BiLSTM’s high performance was demonstrated by its accuracy of 99.26%. 展开更多
关键词 Web security sql injection XSS deep learning RNN LSTM BiLSTM
下载PDF
Design & Test of an Advanced Web Security Analysis Tool (AWSAT)
4
作者 Meenakshi S. P. Manikandaswamy Vijay Madisetti 《Journal of Software Engineering and Applications》 2024年第5期448-461,共14页
Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for ... Considering the escalating frequency and sophistication of cyber threats targeting web applications, this paper proposes the development of an automated web security analysis tool to address the accessibility gap for non-security professionals. This paper presents the design and implementation of an automated web security analysis tool, AWSAT, aimed at enabling individuals with limited security expertise to effectively assess and mitigate vulnerabilities in web applications. Leveraging advanced scanning techniques, the tool identifies common threats such as Cross-Site Scripting (XSS), SQL Injection, and Cross-Site Request Forgery (CSRF), providing detailed reports with actionable insights. By integrating sample payloads and reference study links, the tool facilitates informed decision-making in enhancing the security posture of web applications. Through its user-friendly interface and robust functionality, the tool aims to democratize web security practices, empowering a wider audience to proactively safeguard against cyber threats. 展开更多
关键词 Web Security Automated Analysis Vulnerability Assessment Web Scanning Cross-Site Scripting sql injection Cross-Site Request Forgery
下载PDF
Structured Query Language Injection Penetration Test Case Generation Based on Formal Description
5
作者 韩明 苗长云 《Journal of Donghua University(English Edition)》 EI CAS 2015年第3期446-452,共7页
Aiming to improve the Structured Query Language( SQL) injection penetration test accuracy through the formalismguided test case generation,an attack purpose based attack tree model of SQL injection is proposed,and the... Aiming to improve the Structured Query Language( SQL) injection penetration test accuracy through the formalismguided test case generation,an attack purpose based attack tree model of SQL injection is proposed,and then under the guidance of this model, the formal descriptions for the SQL injection vulnerability feature and SQL injection attack inputs are established. Moreover,according to new coverage criteria,these models are instantiated and the executable test cases are generated.Experiments show that compared with the random enumerated test case used in other works,the test case generated by our method can detect the SQL injection vulnerability more effectively. Therefore,the false negative is reduced and the test accuracy is improved. 展开更多
关键词 software security penetration test web application structured query language(sql) injection test case
下载PDF
Web Security:Emerging Threats and Defense
6
作者 Abdulwahed Awad Almutairi Shailendra Mishra Mohammed AlShehri 《Computer Systems Science & Engineering》 SCIE EI 2022年第3期1233-1248,共16页
Web applications have become a widely accepted method to support the internet for the past decade.Since they have been successfully installed in the business activities and there is a requirement of advanced functiona... Web applications have become a widely accepted method to support the internet for the past decade.Since they have been successfully installed in the business activities and there is a requirement of advanced functionalities,the configuration is growing and becoming more complicated.The growing demand and complexity also make these web applications a preferred target for intruders on the internet.Even with the support of security specialists,they remain highly problematic for the complexity of penetration and code reviewing methods.It requires considering different testing patterns in both codes reviewing and penetration testing.As a result,the number of hacked websites is increasing day by day.Most of these vulnerabilities also occur due to incorrect input validation and lack of result validation for lousy programming practices or coding errors.Vulnerability scanners for web applications can detect a few vulnerabilities in a dynamic approach.These are quite easy to use;however,these often miss out on some of the unique critical vulnerabilities in a different and static approach.Although these are time-consuming,they can find complex vulnerabilities and improve developer knowledge in coding and best practices.Many scanners choose both dynamic and static approaches,and the developers can select them based on their requirements and conditions.This research explores and provides details of SQL injection,operating system command injection,path traversal,and cross-site scripting vulnerabilities through dynamic and static approaches.It also examines various security measures in web applications and selected five tools based on their features for scanning PHP,and JAVA code focuses on SQL injection,cross-site scripting,Path Traversal,operating system command.Moreover,this research discusses the approach of a cyber-security tester or a security developer finding out vulnerabilities through dynamic and static approaches using manual and automated web vulnerability scanners. 展开更多
关键词 sql injection attack cross-site scripting attack command injection attack path traversal attack
下载PDF
Web Threats Detection and Prevention Framework
7
作者 Osama M. Rababah Ahmad K. Al Hwaitat +2 位作者 Saher Al Manaseer Hussam N. Fakhouri Rula Halaseh 《Communications and Network》 2016年第3期170-178,共9页
The rapid advancement in technology and the increased number of web applications with very short turnaround time caused an increased need for protection from vulnerabilities that grew due to decision makers overlookin... The rapid advancement in technology and the increased number of web applications with very short turnaround time caused an increased need for protection from vulnerabilities that grew due to decision makers overlooking the need to be protected from attackers or software developers lacking the skills and experience in writing secure code. Structured Query Language (SQL) Injection, cross-site scripting (XSS), Distributed Denial of service (DDos) and suspicious user behaviour are some of the common types of vulnerabilities in web applications by which the attacker can disclose the web application sensitive information such as credit card numbers and other confidential information. This paper proposes a framework for the detection and prevention of web threats (WTDPF) which is based on preventing the attacker from gaining access to confidential data by studying his behavior during the action of attack and taking preventive measures to reduce the risks of the attack and as well reduce the consequences of such malicious action. The framework consists of phases which begin with the input checking phase, signature based action component phase, alert and response phases. Additionally, the framework has a logging functionality to store and keep track of any action taking place and as well preserving information about the attacker IP address, date and time of the attack, type of the attack, and the mechanism the attacker used. Moreover, we provide experimental results for different kinds of attacks, and we illustrate the success of the proposed framework for dealing with and preventing malicious actions. 展开更多
关键词 sql injection XSS DDoS Attack Suspicious User Behavior Web Applications
下载PDF
Research on Key Technology of Web Vulnerability Detection System Based on Cloud Environment
8
作者 Zhang Zhen 《International Journal of Technology Management》 2013年第12期121-124,共4页
In the light of the defect of web vulnerability detection system, combined with the characteristics of high efficient and sharing in the cloud environment, a design proposal is presented based on cloud environment, wh... In the light of the defect of web vulnerability detection system, combined with the characteristics of high efficient and sharing in the cloud environment, a design proposal is presented based on cloud environment, which analyses the key technology of gaining the URL, task allocation and scheduling and the design of attack detection. Experiment shows its feasibility and effectiveness in this paper. 展开更多
关键词 cloud technology web crawler task allocation and scheduling detection of sql injection XSS detection
下载PDF
Optimization of Secure Coding Practices in SDLC as Part of Cybersecurity Framework
9
作者 Kire Jakimoski Zorica Stefanovska Vekoslav Stefanovski 《Journal of Computer Science Research》 2022年第2期31-41,共11页
Cybersecurity is a global goal that is central to national security planning in many countries.One of the most active research fields is design of practices for the development of so-called highly secure software as a... Cybersecurity is a global goal that is central to national security planning in many countries.One of the most active research fields is design of practices for the development of so-called highly secure software as a kind of protection and reduction of the risks from cyber threats.The use of a secure software product in a real environment enables the reduction of the vulnerability of the system as a whole.It would be logical to find the most optimal solution for the integration of secure coding in the classic SDLC(software development life cycle).This paper aims to suggest practices and tips that should be followed for secure coding,in order to avoid cost and time overruns because of untimely identification of security issues.It presents the implementation of secure coding practices in software development,and showcases several real-world scenarios from different phases of the SDLC,as well as mitigation strategies.The paper covers techniques for SQL injection mitigation,authentication management for staging environments,and access control verification using JSON Web Tokens. 展开更多
关键词 CYBERSECURITY Security risks Secure SDLC sql injection Broken authentication Broken access control Mitigation practices
下载PDF
A method for detecting code security vulnerability based on variables tracking with validated-tree
10
作者 Zhefei ZHANG Qinghua ZHENG +2 位作者 Xiaohong GUAN Qing WANG Tuo WANG 《Frontiers of Electrical and Electronic Engineering in China》 CSCD 2008年第2期162-166,共5页
SQL injection poses a major threat to the application level security of the database and there is no systematic solution to these attacks.Different from traditional run time security strategies such as IDS and fire-wa... SQL injection poses a major threat to the application level security of the database and there is no systematic solution to these attacks.Different from traditional run time security strategies such as IDS and fire-wall,this paper focuses on the solution at the outset;it presents a method to find vulnerabilities by analyzing the source codes.The concept of validated tree is developed to track variables referenced by database operations in scripts.By checking whether these variables are influenced by outside inputs,the database operations are proved to be secure or not.This method has advantages of high accuracy and efficiency as well as low costs,and it is universal to any type of web application platforms.It is implemented by the software code vulnerabilities of SQL injection detector(CVSID).The validity and efficiency are demonstrated with an example. 展开更多
关键词 vulnerability detection database security sql injection
原文传递
上一页 1 下一页 到第
使用帮助 返回顶部