A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm

Published in: EURASIP Journal on Information Security, Volume 2020; Issue 1; pp. 1 - 14
Main authors: Abikoye, Oluwakemi Christiana; Abubakar, Abdullahi; Dokoro, Ahmed Haruna; Akande, Oluwatobi Noah; Kayode, Aderonke Anthonia
Format: Journal Article
Language: English
Published: Cham Springer International Publishing 18.08.2020
Springer Nature B.V
SpringerOpen
ISSN:2510-523X, 1687-4161, 2510-523X, 1687-417X
Description
Summary: Structured Query Language (SQL) injection and cross-site scripting remain a major threat to data-driven web applications. Instances where hackers obtain unrestricted access to back-end database of web applications so as to steal, edit, and destroy confidential data are increasing. Therefore, measures must be put in place to curtail the growing threats of SQL injection and XSS attacks. This study presents a technique for detecting and preventing these threats using Knuth-Morris-Pratt (KMP) string matching algorithm. The algorithm was used to match user’s input string with the stored pattern of the injection string in order to detect any malicious code. The implementation was carried out using PHP scripting language and Apache XAMPP Server. The security level of the technique was measured using different test cases of SQL injection, cross-site scripting (XSS), and encoded injection attacks. Results obtained revealed that the proposed technique was able to successfully detect and prevent the attacks, log the attack entry in the database, block the system using its mac address, and also generate a warning message. Therefore, the proposed technique proved to be more effective in detecting and preventing SQL injection and XSS attacks
DOI:10.1186/s13635-020-00113-y