Tuesday, April 2, 2019
SQL Injection and Buffer Overflow Attack Detection
CHAPTER ONE: INTRODUCTION

This chapter discusses the requirements of this research. It briefly discusses the research background in section 1.1, the problem statement in 1.2, the research objectives in 1.3, the research questions in 1.4, the scope of research in 1.5, the research elements in 1.6 and the research significance in 1.7.

1.1 Research Background

The Internet, a free, supportive and self-sustaining facility accessible to hundreds of millions of people worldwide, has become one of the most important communication media today. The most widely used part of the Internet is the Web, or World Wide Web (WWW). The Web uses the Hypertext Transfer Protocol (HTTP) to transfer data over the Internet, as HTTP is a well-known language on the Internet. A web browser acts as the main door to the Internet when a user wants to view the web pages of different websites. A web page is a document that may contain text, video, sound, images or other multimedia components, created in Hypertext Markup Language (HTML). In addition, to make the process of finding specific web pages easier, there is the Uniform Resource Locator (URL), a standard naming convention for addressing documents available over the Internet or an intranet.

As the Internet becomes more and more significant, there are some individuals, identified as hackers, who have the ability to disturb the peaceful use of the Internet. For that reason, network security is required. Network security emphasises securing networks from every attack or exploit, especially from hackers, and is typically handled by the network administrator of each organisation that applies a security policy. Thus, to guarantee the three main goals of security, which are integrity, availability and confidentiality, network security takes the main role against various kinds of vulnerabilities in web applications.

Vulnerabilities can be described as flaws that an attacker can take advantage of by exploiting them to gain unauthorised access to the target. Two of the most common web application vulnerabilities are Structured Query Language (SQL) Injection and Buffer Overflow (BOF).

SQL Injection is an attack in which the attacker inserts SQL commands into form or parameter values. It exploits the application's use of SQL queries. SQL Injection has become a predominant type of attack targeting web applications. The Open Web Application Security Project (OWASP) ranks it at the top of its Top-10 security threats.

Buffer Overflow is an exploit that causes an application to use far more memory than was allocated to it. For example, an application expects a five-digit postcode, so the programmer only allocates enough memory for that. If an attacker enters more than five digits, for example hundreds of digits, the application will end up using more memory than it should. As of September 2010, 12 of the 20 most severe vulnerabilities ranked by US-CERT were Buffer Overflow related.

There are many web application vulnerability detection scanners available on the Internet. Whether free or commercial, these tools face several problems. The common problems met by some scanners are false positives and false negatives. A false positive is when a web application under test is mistakenly reported to have a vulnerability when in fact there is none. A false negative is when the scanner does not find any vulnerability in a web application and tells the user that the site is secure, when actually the web application may have some vulnerability.

Thus, by proposing a method for detecting web vulnerabilities through searching for suspicious and defined web vulnerability criteria, this research will help the web application administrator to take a look and always stand by in secure mode to avoid any attacks from the attacker.

1.2 Problem Statement

Usually the developers of a web application do not realise that their web application has vulnerabilities. They only realise it when there is an attack or manipulation of their code by someone. This is normal, as a web application contains thousands of lines of code, so it is not easy to detect whether there are mistakes (Houghton, 2013). Today many new hackers are born, as the tools and tutorials are easier to get. According to Dougherty (2012), even though SQL Injection is very easy to protect against, a large number of systems on the Internet are still vulnerable to this type of attack, because there will be a few subtle conditions that can go undetected. Besides, for Buffer Overflow, although many methods have been proposed to address the problem, they mostly have very high overhead and involve considerable additional resources (Zheng, Zhou & Liu, 2015).

Therefore, a detection method for detecting SQL Injection and Buffer Overflow while producing minimal false positives and false negatives was proposed.

1.3 Research Objectives

There are two objectives that have been achieved in this dissertation:

- To construct a detection method that can detect SQL Injection and Buffer Overflow attacks in web applications based on stated features and characteristics of the vulnerabilities.
- To evaluate the performance of the proposed method in terms of accuracy and efficiency by conducting two sets of experiments in a laboratory testing environment.

1.4 Research Questions

There are four research questions that have been addressed in this dissertation:

- Is it possible to employ a dynamic method for SQL Injection and Buffer Overflow detection in web applications?
- What are the criteria used to detect SQL Injection and Buffer Overflow in the proposed detection method?
- What are the evaluation metrics used to measure the performance of the proposed detection method?
- How can the accuracy and efficiency of the proposed detection method be measured?

1.5 Scope of Research

This dissertation focuses on web application vulnerabilities, specifically SQL Injection and Buffer Overflow. This dissertation is limited to:

- Detection of web application vulnerabilities, limited to:
  - SQL Injection
  - Buffer Overflow
- A number of vulnerable website URLs collected from:
  - http://www.thetechnism.com/
  - http://pastebin.com/
- For detection of the SQL Injection and Buffer Overflow web application vulnerabilities, the criteria used are:
  - Get the URL of the website
  - Tokenize the URL
  - Match the pattern against the matching criteria based on the Boyer-Moore Algorithm
  - Get the web application vulnerabilities
- The evaluation metrics used in this dissertation are accuracy and efficiency

1.6 Research Significance

There are two significances of this dissertation:

- This dissertation is able to produce a method that can detect SQL Injection and Buffer Overflow attacks based on the Boyer-Moore String Matching Algorithm.
- The proposed detection method is also able to generate a report regarding the level of vulnerability of the web application.

The proposed method can assist the web application developer or administrator in taking extra action to protect their application from being attacked by unethical persons outside the network through SQL Injection and Buffer Overflow attacks.
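The four detection steps listed under the scope (get the URL, tokenize it, match the tokens against the criteria with Boyer-Moore, report the vulnerabilities) can be carried through in code. The following is an added example written for this page, not the dissertation's own implementation: the SQL Injection signature list, the Buffer Overflow length threshold, the sample URLs and the none/low/high report levels are all constructed assumptions, since the page does not give the author's actual criteria. The search uses the bad-character rule of Boyer-Moore, which is what gives the algorithm its right-to-left, skip-ahead behaviour.

```python
from urllib.parse import urlsplit, parse_qsl, unquote

# Constructed SQL Injection signatures (assumption: the dissertation's real
# criteria list is not on the page; these are common, illustrative tokens).
SQLI_SIGNATURES = ["union select", "' or '", " or 1=1", "--", "/*", "information_schema"]

# Hypothetical Buffer Overflow criterion: a query parameter value longer than
# this many characters is flagged as a possible overflow attempt.
BOF_MAX_PARAM_LEN = 256


def tokenize_url(url):
    """Step 2: split a URL into (kind, token) pairs: host, path segments, query values.

    Values are percent-decoded (parse_qsl decodes query values once) and
    lower-cased so encoded payloads are compared in decoded form.
    """
    parts = urlsplit(url)
    tokens = []
    if parts.hostname:
        tokens.append(("host", parts.hostname.lower()))
    for seg in parts.path.split("/"):
        if seg:
            tokens.append(("path", unquote(seg).lower()))
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        tokens.append(("param:" + name, value.lower()))
    return tokens


def boyer_moore_find(text, pattern):
    """Step 3: Boyer-Moore search (bad-character rule) for pattern in text.

    Returns the index of the first occurrence or -1. The pattern is compared
    right-to-left; on a mismatch the window shifts by the distance to the
    mismatched character's rightmost position in the pattern, so most of the
    text is skipped without being examined.
    """
    m, n = len(pattern), len(text)
    if m == 0:
        return 0
    if m > n:
        return -1
    last = {}  # character -> rightmost index in the pattern
    for i, ch in enumerate(pattern):
        last[ch] = i
    s = 0  # current shift of the pattern against the text
    while s <= n - m:
        j = m - 1
        while j >= 0 and pattern[j] == text[s + j]:
            j -= 1
        if j < 0:
            return s
        # Align the mismatched text character with its last occurrence in the
        # pattern, or move fully past it if it does not occur at all.
        s += max(1, j - last.get(text[s + j], -1))
    return -1


def scan_url(url):
    """Steps 1-4: tokenize the URL, match every signature, collect findings."""
    findings = []
    for kind, token in tokenize_url(url):
        for sig in SQLI_SIGNATURES:
            if boyer_moore_find(token, sig) != -1:
                findings.append(("SQL Injection", kind, sig))
        if kind.startswith("param:") and len(token) > BOF_MAX_PARAM_LEN:
            findings.append(("Buffer Overflow", kind, "len=%d" % len(token)))
    return findings


def vulnerability_level(findings):
    """Hypothetical report level derived from the number of findings."""
    if not findings:
        return "none"
    return "low" if len(findings) == 1 else "high"


if __name__ == "__main__":
    # Constructed sample URLs (not taken from the page's URL sources).
    samples = [
        "http://example.test/products?id=42&sort=name",
        "http://example.test/products?id=1'%20or%201=1--",
        "http://example.test/search?q=" + "A" * 600,
    ]
    for u in samples:
        found = scan_url(u)
        print(vulnerability_level(found), found)
```

Short, generic signatures such as "--" are exactly where the false positives the chapter describes come from (a path segment like "my--page" would match), while a signature list that is too narrow produces false negatives; tuning that list and the length threshold is the accuracy trade-off the proposed method has to evaluate.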