Abstract

The use of technology, such as applications and services connected to the Internet, is increasing rapidly. Security is considered necessary because of the growing use of digital systems. Given the number of threats against digital forms and server systems, the risk of attacks on the server through the file upload feature must be handled. A website or server usually handles the file upload feature with server-side (back-end) validation or filtering of digital object file types, or with client-side (front-end) checks in the web browser using HTML or JavaScript. Filtering techniques for Scalable Vector Graphics (SVG) files usually look only at the file extension or Multipurpose Internet Mail Extension (MIME) type of an uploaded file. However, this filtering can still be manipulated, for example in ASCII prefix checking, which has two forms, namely "<?xml" and "<svg ". SVG files do not contain metadata such as that of images encoded in JPEG or PNG files. This problem can be overcome by adding filtering techniques that check the validity of a file through eXtensible Markup Language (XML) validation using magic numbers and the Document Object Model (DOM). This research was developed using the waterfall method and black-box security testing, a software security testing method in which security controls, defenses, and application design are tested. Handling of security validation for uploading SVG files using file extensions and MIME types has a success rate of 75 percent from the eight tested scenarios, while handling using file extensions, magic numbers, and the Document Object Model (DOM) produces a success rate of 100 percent from 8 test scenarios. Black-box testing thus shows that handling using the file extension, magic number, and Document Object Model (DOM) is better than using only file extensions and MIME types.
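The three checks the abstract describes (file extension, magic-number prefix, DOM), sketched in Python as an added example; it is not the paper's implementation. The size limit, the refusal of entity declarations, the SVG-namespace requirement and the sample uploads are assumptions made here.

```python
import os
from xml.dom import minidom
from xml.parsers.expat import ExpatError

SVG_NS = "http://www.w3.org/2000/svg"
PREFIXES = (b"<?xml", b"<svg ")  # the two ASCII prefixes named in the abstract
MAX_BYTES = 1_000_000            # assumed upload limit, not from the paper


def validate_svg_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason); each stage must pass before the next runs."""
    # Stage 1: file extension.
    if os.path.splitext(filename)[1].lower() != ".svg":
        return False, "extension"
    if len(data) > MAX_BYTES:
        return False, "size"
    # Stage 2: magic number, tolerating a UTF-8 byte-order mark.
    body = data[3:] if data.startswith(b"\xef\xbb\xbf") else data
    if not body.startswith(PREFIXES):
        return False, "magic"
    # Assumption added here: refuse entity declarations so the parser never
    # expands attacker-defined entities.
    if b"<!ENTITY" in data:
        return False, "entity"
    # Stage 3: DOM. The bytes must parse as well-formed XML and the document
    # element must be <svg> in the SVG namespace.
    try:
        doc = minidom.parseString(data)
    except (ExpatError, ValueError, LookupError):
        return False, "malformed-xml"
    root = doc.documentElement
    if root.localName != "svg" or root.namespaceURI != SVG_NS:
        return False, "root"
    return True, "ok"


# Constructed sample uploads: (filename, bytes).
SVG = b'<svg xmlns="http://www.w3.org/2000/svg" width="8" height="8"><rect width="8" height="8"/></svg>'
SAMPLES = {
    "plain svg": ("logo.svg", SVG),
    "svg with prolog": ("logo.svg", b'<?xml version="1.0"?>\n' + SVG),
    "wrong extension": ("logo.png", SVG),
    "png renamed to svg": ("logo.svg", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    "prefix only, broken xml": ("logo.svg", b"<?xml version='1.0'?><svg "),
    "prefix only, html root": ("logo.svg", b'<?xml version="1.0"?><html><body/></html>'),
}

if __name__ == "__main__":
    for name, (fname, data) in SAMPLES.items():
        print(f"{name:26} -> {validate_svg_upload(fname, data)}")
```

The last two samples pass a prefix-only check and are rejected only at the DOM stage, which is the gap the abstract attributes to filtering by ASCII prefix alone.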

Highlights

  • The website is an Internet service that can be used by various users in the world, which usually has an upload feature

  • Without proper filtering, file selection, and validation processes, uploads can present a significant security risk to the website [2], with three critical characteristics: integrity, input validation, and correct logic required for security applications. Distributed Denial of Service (DDoS) attacks

  • DDoS assault characterization depends on network traffic movement utilizing the Neural Networks and Naïve Bayes Methods

Summary

INTRODUCTION

The website is an Internet service that can be used by various users in the world, which usually has an upload feature. An ANN with two hidden layers gives generally consistent MSE, convergence speed, a higher correct classification rate at 99.04%, and a Quasi-Newton training function (Matlab-trainlm) suited to the classification task, given the regression values in both the training and validation stages [4]. Another technique for detecting these attacks is monitoring, but it was found to have several problems [5], including difficulty distinguishing the attack from regular data traffic using the Density K-Means Method. The lack of developer awareness of secure coding standards and the absence of budgets spent on application security are two of the most alarming issues. The primary objective of the present study is for developers and testers to understand the fundamental vulnerabilities of file upload functionality that lead to attacks, and their specific mitigations for future secure development. This study uses different magic numbers and the DOM to validate SVG files in the file upload feature against the appropriate XML format structure.

RESEARCH METHODOLOGY
Communication
Planning
Deployment
Findings
CONCLUSION