SECSIX: security engine for CSRF, SQL injection and XSS attacks

Abstract

With the increase in human-web interaction, vulnerabilities has surfaced the various networks. With the rapidly growing technology, the ease of accessibility through web applications has revolutionized the traditional view of an office or a company completely. Web application carries sensitive data and they are accessible 24 × 7. Web site hacking continue to gain popularity as hackers are exploiting vulnerabilities across all geographies and across various types of web technologies. Hackers are constantly experimenting with a wide range of attacking techniques to compromise websites and hack sensitive data such as credit card number, social security number and other personal information. The three most commonly used attacks, according to Open Web Application Security Project (2012) vulnerability list have been discussed in this paper, namely SQL injection attack (SQLIA), cross-site scripting (XSS) and Cross site request forgery (CSRF) attack. In this paper, we present a security engine to counter SQLIA, XSS attack and CSRF attack.