Securing Input and Output Processes on The Web to Minimize SQL-Injection and XSS Attacks Using IDS and IPS Methods

Abstract

Some of the gaps that exist in web applications are often encountered, such as input both in the input form and input in the url. One of the attacks that are often found in data input is SQL-injection and XSS. Therefore one of the precautions is to carry out data security measures in the input and output process. Here the author uses the IDS and IPS methods as security of input forms from SQL-injection and XSS attacks. IDS is used as a detection and recording of attacks while IPS functions as a blocking access to the website if SQL-injection and XSS attacks are detected. In this case filtering uses the preg_match () function where the writer inserts the word into preg_match () as a rule which later if the user inputs what is in the preg_match () rule then the user is trying to do an injection attack. The data retrieved by the IDS script are ip_address, injected files, scripts, browsers used. IPS uses ip_address as a rule to block access from users when doing injection. It is hoped that the IDS and IPS scripts created will help secure the input output process that is on the web in order to minimize the occurrence of SQL-injection and XSS attacks.