Web Applications Security Re-engineering in Cloud with Machine Learning

Prabhat Bisht¹

1. Deputy Director (IT), NIC, Chandigarh, Haryana, India.

Section:Research Paper, Product Type: Journal-Paper
Vol.9 , Issue.11 , pp.79-90, Nov-2023

Online published on Nov 30, 2023

Copyright © Prabhat Bisht . This is an open access article distributed under the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original work is properly cited.
 

View this paper at   Google Scholar | DPI Digital Library

XML View     PDF Download

How to Cite this Paper

132 Views    176 Downloads    41 Downloads

Abstract :
Cyber-attacks are becoming a terror almost too all organizations worldwide. With the rise of cloud computing technology almost all organizations are migrating there businesses on cloud virtual machines. It is found that because of programmatic and declarative level missing securities most of the applications hosted on cloud are vulnerable to cyber-attacks. Attackers are always ready to exploit web and cloud vulnerabilities. Research shows that most of web applications hosted on cloud are targeted because of unpatched open web application security project (OWASP) vulnerabilities and vulnerabilities in cloud containers and network resources. Attackers exploit such vulnerabilities through advance attack vectors leading to attack on data confidentially, integrity and availability and here comes the role of application security assurance framework for mitigating such attacks. The novel approach of this paper is that it explores missing programmatic and declarative level securities and proposes advance web application information security assurance based on programmatic and declarative security best practices.

Key-Words / Index Term :
SQL Injection (SQLi) , Cross Site Scripting(XSS), Virtual machines (VM) , Security

References :
[1]. Z Djuric, “A black-box testing tool for detecting SQL injection vulnerabilities”, In the proceeding of the 2013 International Conference on Informatics & Applications (ICIA),Poland, pp.15-22, 2013.
[2]. J Fonseca, M Vieira , H Madeira, “Evaluation of Web Security Mechanisms Using Vulnerability & Attack Injection” , IEEE Transactions on Dependable and Secure Computing, Vol.11, Issue.5, pp.89-100, 2014.
[3]. E Pearson , Bethel , “A design review: Concepts for mitigating SQL injection attacks” , In the proceeding of the conference of the 2016 International Symposium on Digital Forensic and Security (ISDFS), USA, pp.169-169, 2016.
[4]. A Patil, A Laturkar , SV Athawale, R Takale, ,P Tathawade, “A Multilevel System to Mitigate DDoS, Brute force and SQL Injection Attack for Cloud Security”, In the Proceeding of the 2017 International Conference on Information, Communication, Instrumentation and Control, India, pp.1-7, 2017.
[5]. A Ghafarian, “A hybrid method for detection and prevention of SQL injection attacks”, In the proceeding of the 2017 Computing Conference, U.K., pp.833-838, 2017.
[6]. RA Katole, SS Sherekar, V M Thakare , “Detection of SQL injection attacks by removing the Parameter Values of SQL Query”, In the Proceedings of the 2018 second International Conference on Inventive Systems and Control IEEE Xplore, New Jersey, pp.736-741, 2018
[7]. P Nunes , I Medeiros, Fonseca , N Neves, , Correia , M Vieira, “Benchmarking Static Analysis Tools for Web Security” , In the proceeding of the 2018 of IEEE Transactions on Reliability, pp.1159-1175, 2018.
[8]. D Mitropoulos, P Louridas, Polych, M ronakis, A.D. Keromytis, “Defending against Web Application Attacks: Approaches, Challenges and Implications”. In IEEE Transactions on Dependable and Secure Computing, Vol.16, Issue. 2, pp.188-203, 2017.
[9]. H Villamizar, A A Neto, M Kalinowski, A Garcia, D endez . “An Approach for Reviewing Security-Related Aspects in Agile Requirements Speci?cations of Web Applications”. In the proceeding of 2019 IEEE International Requirements Engineering Conference, Vol.25, Issue.4, pp.439-468, 2019.
[10]. M Liu, B Zhang, W Chen, X Zhang ,“A Survey of Exploitation and Detection Methods of XSS Vulnerabilities” ,IEEE ACCESS, Vol.7, Issue.1, pp.182004-182016, 2019.
[11]. A Sharma, N Sharma, B Bhushan., I Kaushik, A Singh, “Security Countermeasures in Web Based Application” , In the proceeding of 2019 international conference on intelligent computing, instrumentation and control technologies, Vol.1, Issue.1, pp.1236-1241, 2019.
[12]. B Wang, L Liu , F Li. ,J Zhang, T Chen, Z Zou, , “Research on Web Application Security Vulnerability Scanning Technology” , In the proceeding of 2019 IEEE Advanced Information Technology, Electronic and Automation Control Conference, Vol.9, Issue.6, pp.1-7, 2019.
[13]. A Goutam , V Tiwari , “Vulnerability Assessment and Penetration Testing to Enhance the Security of Web Application”. In the proceeding of 2019 International Conference on Information Systems and Computer Networks (ISCON), India, pp.601-605, 2019.
[14]. H Gupta, S Mondal , S Ray, B Giri, R Majumdar, V.P Mishra, “Impact of SQL injection in database Security” , In the Proceeding of the 2019 International Conference on Computational Intelligence and Knowledge Economy (ICCIKE) , United Arab Emirates, pp.296-299, 2019.
[15]. K Zhang , “A Machine Learning based Approach to Identify SQL Injection Vulnerabilities”, In the proceeding of the 2019 IEEE/ACM International Conference on Automated Software Engineering (ASE), USA, pp.1286-1288, 2019.
[16]. J Thome, L K Shar, D Bianculli, L Briand , “An Integrated Approach for Effective Injection Vulnerability Analysis of Web Applications through Security Slicing and Hybrid Constraint Solving”, IEEE Transactions on Software Engineering, Vol.46, Issue.2, pp.163-195, 2018.