Please use this identifier to cite or link to this item:
|Title||Modern Approach for WEB Applications Vulnerability Analysis|
The numbers of security vulnerabilities that are being found today are much higher in applications than in operating systems. This means that the attacks aimed at web applications are exploiting vulnerabilities at the application level and not at the transport or network level like common attacks from the past. At the same time, quantity and impact of security vulnerabilities in such applications has grown as well. Many transactions are performed online with various kinds of web applications. Almost in all of them user is authenticated before providing access to backend database for storing all the information. A well-designed injection can provide access to malicious or unauthorized users and mostly achieved through SQL injection and Cross-site scripting (XSS). In this thesis we are providing a vulnerability scanning and analyzing tool of various kinds of SQL injection and Cross Site Scripting (XSS) attacks. Our approach can be used with any web application not only the known ones. As well as it supports the most famous Database management servers, namely MS SQL Server, Oracle, and MySQL. We validate the proposed vulnerability scanner by developing experiments to measure its performance. We used some performance metrics to measure the performance of the scanner which include accuracy, false positive rate, and false negative rate. We also compare the performance results of it with performance of similar tools in the literature.
|Publisher||الجامعة الإسلامية - المدينة|
|Files in this item|