A Method for Web Application Vulnerabilities Detection by Using Boyer-Moore String Matching Algorithm

Abstract

Abstract Internet have become a great medium of communication as it is free, supportive, entertaining and easily for reachable to millions of people today. The usage of Internet among people become higher day by day, thus also increase the number of web application. Nevertheless, most of the web application exists have some vulnerability as there are some irresponsible people known as hacker that able to interrupt the peace of it. Some of well-known web application vulnerabilities are SQL Injection, Buffer Overflow, Cross Site Scripting and Cross Site request Forgery. In order to overcome this vulnerabilities, it is important to detect first the problem before prevent it. At present, there are a lot of web application vulnerabilities scanner that have been proposed by researcher for detecting web application vulnerabilities such as Acunetix WVS by Acunetix, Netsparker by Mavituna Security, w3af by w3af.org and Firefuzzer. However, these scanners have some limitation such as higher false negative although some of it has no false positive. Therefore, this paper proposed a technique aim to solve these issues by developing a detection method for detect the web application vulnerabilities by using Boyer-Moore String Matching Algorithm. Numerous experiments have been conducted in order to evaluate the performance. The result shows that proposed method has performed well in terms of the ability to accurately detect vulnerabilities based on false negative and have no false positive with low processing time.