Abstract

The rapid advancement of technology and the growing number of web applications built with very short turnaround times have increased the need for protection against vulnerabilities, which multiply when decision makers overlook the need to defend against attackers or when software developers lack the skills and experience to write secure code. Structured Query Language (SQL) injection, cross-site scripting (XSS), distributed denial of service (DDoS) and suspicious user behaviour are among the common threats to web applications through which an attacker can expose sensitive information such as credit card numbers and other confidential data, or deny service to legitimate users. This paper proposes a framework for the detection and prevention of web threats (WTDPF) that aims to keep the attacker from gaining access to confidential data by analysing the attacker's behaviour during the attack and taking preventive measures that reduce both the risk of the attack succeeding and the consequences of the malicious action. The framework consists of an input checking phase, a signature-based action component phase, and alert and response phases. It also includes a logging component that records every action taken and preserves the attacker's IP address, the date and time of the attack, the type of attack, and the mechanism the attacker used. Finally, we present experimental results for several kinds of attacks and show that the proposed framework detects and prevents these malicious actions.

Highlights

  • Companies' growing dependence on web applications in their daily work came along with the massive development of the internet and of web applications, where the web became the main link connecting users all over the world as well as the place where data about internet users is stored in databases [1]

  • In the WTDPF Testing section we evaluate the framework's ability to analyse the attacker's requests, measuring the effectiveness of the WTDPF input checker component: we supply user input samples and the checker decides whether the user's HTTP requests contain any attack method or only normal input

  • This research presented a new framework for the detection and prevention of common attack methods: Structured Query Language (SQL) injection, XSS, distributed denial of service (DDoS) and suspicious user behaviour
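As an added illustration (not the paper's code), the following Python sketch wires the four phases named in the abstract into one detector and runs the kind of input-sample test the Highlights describe: the input checker URL-decodes each parameter and matches it against a small signature table, a sliding-window counter per source IP flags request floods, an IP that triggers repeated alerts is blocked, and every alert is logged with the attacker's IP, timestamp, attack type and mechanism. The signature patterns, thresholds, request shape and sample traffic are all assumptions made for this example.

```python
import re
import time
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Deque, Dict, List, Optional, Set, Tuple
from urllib.parse import unquote_plus

# Assumed signature table: (attack type, mechanism, pattern). A real deployment needs far more.
SIGNATURES = [
    ("sqli", "tautology", re.compile(r"(?i)'\s*(or|and)\s+[^=]{1,20}=")),
    ("sqli", "union_select", re.compile(r"(?i)\bunion\b.+\bselect\b")),
    ("sqli", "comment_terminator", re.compile(r"--\s|/\*")),
    ("xss", "script_tag", re.compile(r"(?i)<\s*script\b")),
    ("xss", "event_handler", re.compile(r"(?i)\bon\w+\s*=")),
    ("xss", "javascript_uri", re.compile(r"(?i)javascript\s*:")),
]

@dataclass
class Request:
    src_ip: str
    path: str
    params: Dict[str, str]  # raw, still URL-encoded, query/form parameters
    ts: float               # Unix time of arrival

@dataclass
class Alert:               # one log record: attacker IP, time, attack type, mechanism
    src_ip: str
    ts: float
    attack_type: str
    mechanism: str
    evidence: str
    response: str

class WTDPFDetector:
    def __init__(self, rate_limit: int = 20, window: float = 10.0, block_after: int = 3):
        self.rate_limit, self.window, self.block_after = rate_limit, window, block_after
        self.history: Dict[str, Deque[float]] = defaultdict(deque)  # per-IP arrival times
        self.strikes: Dict[str, int] = defaultdict(int)            # alerts raised per IP
        self.blocked: Set[str] = set()
        self.log: List[Alert] = []

    # Phase 1: input checking. Decode each parameter once, then match the signatures.
    def check_input(self, params: Dict[str, str]) -> Optional[Tuple[str, str, str]]:
        for name, raw in params.items():
            value = unquote_plus(raw)
            for attack_type, mechanism, pattern in SIGNATURES:
                if pattern.search(value):
                    return attack_type, mechanism, f"{name}={value}"
        return None

    # Flood check: sliding window of arrival times per source IP.
    def check_rate(self, ip: str, ts: float) -> bool:
        q = self.history[ip]
        q.append(ts)
        while q and ts - q[0] > self.window:
            q.popleft()
        return len(q) > self.rate_limit

    # Phases 2-3: classify the request and respond. Returns the alert, or None if clean.
    def handle(self, req: Request) -> Optional[Alert]:
        if req.src_ip in self.blocked:
            return self._record(req, "suspicious_behaviour", "blocked_ip_retry", req.path)
        if self.check_rate(req.src_ip, req.ts):
            return self._record(req, "dos", "request_flood",
                                f">{self.rate_limit} requests in {self.window}s")
        hit = self.check_input(req.params)
        return self._record(req, *hit) if hit else None

    # Phase 4: logging, plus the escalation rule (block the IP after repeated alerts).
    def _record(self, req: Request, attack_type: str, mechanism: str, evidence: str) -> Alert:
        self.strikes[req.src_ip] += 1
        if self.strikes[req.src_ip] >= self.block_after:
            self.blocked.add(req.src_ip)
        alert = Alert(req.src_ip, req.ts, attack_type, mechanism, evidence, "block")
        self.log.append(alert)
        return alert

    def log_lines(self) -> List[str]:
        return [f"{time.strftime('%Y-%m-%dT%H:%M:%SZ', time.gmtime(a.ts))} ip={a.src_ip} "
                f"type={a.attack_type} mechanism={a.mechanism} response={a.response} "
                f"evidence={a.evidence!r}" for a in self.log]

def run_demo() -> WTDPFDetector:
    """Feed constructed sample traffic (not real captures) through the detector."""
    det = WTDPFDetector()
    traffic = [
        Request("10.0.0.5", "/login", {"user": "alice", "pass": "s3cret"}, 1.0),
        Request("203.0.113.7", "/login", {"user": "admin' OR '1'='1", "pass": "x"}, 2.0),
        Request("203.0.113.7", "/search", {"q": "%3Cscript%3Ealert(1)%3C%2Fscript%3E"}, 3.0),
        Request("203.0.113.7", "/search", {"q": "<img src=x onerror=alert(1)>"}, 4.0),
        Request("203.0.113.7", "/search", {"q": "shoes"}, 5.0),  # third strike: IP is blocked
    ]
    traffic += [Request("198.51.100.9", "/", {}, 100.0 + i * 0.01) for i in range(22)]
    for req in traffic:
        det.handle(req)
    return det

if __name__ == "__main__":
    print("\n".join(run_demo().log_lines()))
```

The sample run yields three signature hits from the first attacker (SQL tautology, an encoded script tag, an event handler), after which that IP's benign request is itself logged as suspicious behaviour, and two flood alerts once the second source exceeds 20 requests inside the window. The caveats are the usual ones for signature-based detection: the patterns are bypassed by case changes, comment insertion or alternative encodings, decoding only once misses double-encoded payloads, and the thresholds have to be tuned against real traffic; the block shows the flow of the phases, not a deployable filter.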


Summary

Introduction

Companies' growing dependence on web applications in their daily work came along with the massive development of the internet and of web applications, where the web became the main link connecting users all over the world as well as the place where data about internet users is stored in databases [1]. With that advancement in technology, new security threats arise on a daily basis [2], because the databases hold sensitive and private data about users such as credit card numbers, passwords and money transaction records. If exposed, such data can cause great financial loss and damage to companies, cost them the trust of their users and disrupt their daily operations; for that reason information security is a primary concern for every website and company owner. Another example is a network firewall that allows traffic on port 80 without inspecting the packet payload: security at the application layer was overlooked, and it has become a necessity for reducing and mitigating malicious attacks [3]. We aim to protect web applications from malicious users with better interactivity and performance, preventing those users from injecting malicious web content through vulnerabilities that developers have overlooked.

