Security Issues for Web Applications DB, Essay Example

Application Security

Application security is considered to be an essential aspect for information security. Organizations acquire third party services or hire information security specialist for conducting vulnerability assessment, testing the code before deployment and penetration testing to verify integrity and authenticity of the code before operation. However, in order to fulfill these requirements, information security specialist utilized various tools to detect and audit vulnerabilities to ensure application security. For securing data privacy on the World Wide Web, a study was carried out in association with automatic SQL injection and cross site scripting attacks. Likewise, the objective of this study is to prevent SQL injection and cross site scripting attacks by a tool called as ‘Andrilla’. This tool incorporates PHP based techniques for input generation, input mutation and dynamic propagation for analyzing inputs that has inherent weaknesses. Moreover, storage for taint is carried out by the symbolic database. Furthermore, the tool is also efficient for detecting and minimizing embedded application threats associated with XSS. In addition, the results of this study identified and detected 68 SQL injection attacks covering five applications. However, results were reflecting high accuracy and low false positives (Kie?un, Guo, Jayaraman, & Ernst, 2009).Moreover, this tool creates attack vectors associated with XSS and SQL injection for web based application incorporated with PHP. Likewise, considering SQL injection and XSS, as the most common threats for applications security, the tool constructs inputs that reflect SQL injection and XSS weaknesses. Moreover, construction of inputs considered as inputs and tracking of symbolic tracking via execution is a job for the tool and as a result, concrete exploits are produced (Kie?un, Guo, Jayaraman, & Ernst, 2009). On the other hand, runtime overhead for the implemented application operates in a normal manner i.e. no issues in runtime and no requirement of modifying the application code along with construction of programming language that change frequently (dynamic).

Moreover, one more tool known as the metaspolit tool utilized a framework based on an open source platform. This platform facilitates the development, testing and integration of an exploit code within the application (Metasploit.2007). However, at the beginning, the metasploit tool was started as a project known for portable network games and later on transformed in to a powerful tool used for penetrating testing, vulnerability assessment and exploit development (Metasploit.2007). The development of this tool is based on Perl scripting language along with some components that are compiled in C language, assembler and Python. The advantage from the Perl language is the compatibility, as the framework can be executed on almost every platform in default configurations (Metasploit.2007). Likewise, an open source and advanced platform, it is also utilized for testing, exploiting the code and development. Moreover, the extensive framework via an integration of payloads, encoders and exploits made this tool a revolutionary engine for research associated with exploitation. Furthermore, there are numerous modules that are available on the Internet. With the help of these modules, one can code a customized exploit.

References

Kie?un, A., Guo, P. J., Jayaraman, K., & Ernst, M. D. (2009). Automatic creation of SQL injection and cross-site scripting attacks. ICSE: International Conference on Software Engineering, , 199-209.

Metasploit.(2007). Network Dictionary, , 307-307.