Abstract: Most of the cyber security techniques present today have many critical faults. This provides to be an openway for hackers and criminals. Using widespread techniques, hackers and criminals try to gain entry into one’s system using these backdoors. However, gaining entry and retrieving information can be a tedious task for the hackers. Hence they use techniques such as SQL injection and Cross-Site Scripting (XSS) to obtain sensitive data such as password, account no etc. This paper analyses the source code of security patches of widely used web applications written in weak and strong typed languages. Results show that only a small subset of software fault types, affecting a restricted collection of statements, is related to security. To understand how these vulnerabilities are really exploited by hackers, this paper also presents an analysis of the source code of the scripts used to attack them. The outcomes of this study can be used to train software developers and code inspectors in the detection of such faults and are also the foundation for the research of realistic vulnerability and attack injectors that can be used to assess security mechanisms, such as intrusion detection systems, vulnerability scanners, and static code analysers.
Keywords: Intrusion detection, XSS, SQL injection, hackers, criminals, vulnerability, click-jacking, tab-nabbing.
Title: A Survey to Detect and Prevent Web Attacks
Author: Mrunali P. Pathak, Nida Kausar Khan, Tejashree C. Tantak
International Journal of Computer Science and Information Technology Research
ISSN 2348-1196 (print), ISSN 2348-120X (online)
Research Publish Journals
