Web Site: www.ijettcs.org Email: editor@ijettcs.org, editorijettcs@gmail.com Volume 2, Issue 1, January February 2013 ISSN 2278-6856
brute force attacks. All these vulnerabilities provide an easy and common platform for stealing users' information. Through such common vulnerabilities hackers are able to steal data, tamper with data, and use users' information for illegal purposes. Millions of attractive targets are available to hackers, from which they are able to steal or manipulate the data of visitors. Therefore, in this paper we identify a comprehensive advisory, risk assessment and protection against the top five most common security risks.
2. SQL INJECTION
SQL injection is one of the most common techniques an attacker may use to enumerate or exploit a database. The attacker is able to alter the back-end SQL statement by manipulating the user inputs of the application. SQL injection is an easy but very serious threat to any site or application that contains a database: the attacker can insert, update or delete entries in the database. SQL injection is not limited to any specific database type and may be performed on almost any kind of database. Certain SQL servers, such as Microsoft SQL Server, contain stored and extended procedures, and an attacker can compromise the entire server if he succeeds in obtaining access to these procedures [4]. This technique allows an attacker to retrieve crucial information from a web server's database. Beyond information leakage, the attacker is able to execute many operations such as INSERT, UPDATE or DELETE; it is even possible to execute stored procedures and then steal data.

Countermeasures
1. Connect to the database using a limited user account and restrict its privileges.
2. Keep the PHP magic_quotes_gpc setting on.
3. Restrict user input with mysql_real_escape_string.
4. Use type casting.
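The following is an added example, not code from the paper, showing the mechanism described above: a query built by string concatenation beside its parameterised form, and a numeric lookup with and without the type casting listed among the countermeasures. It uses Python and an in-memory SQLite database as a stand-in for the PHP/MySQL stack the paper has in mind (SQLite has no per-user grants, so the limited-privilege account is not shown; note also that magic_quotes_gpc was removed in PHP 5.4, so bound parameters are the durable replacement for both it and mysql_real_escape_string). The user table, its rows and the sample inputs are all constructed here.

```python
import sqlite3

# Constructed sample data standing in for a real application's users table.
SAMPLE_USERS = [
    (1, "alice", "s3cret-pw"),
    (2, "bob", "hunter2"),
]


def make_db():
    """Create an in-memory users table filled with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)"
    )
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def login_vulnerable(conn, name, password):
    """Vulnerable: user input is concatenated straight into the SQL text,
    so quote characters in the input change the statement's structure."""
    sql = (
        "SELECT name FROM users WHERE name = '" + name
        + "' AND password = '" + password + "' ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def login_hardened(conn, name, password):
    """Hardened: placeholders keep the input as data, never as SQL syntax."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name, password))]


def user_by_id_vulnerable(conn, user_id):
    """Vulnerable numeric context: there are no quotes around the value,
    so quote-escaping functions alone would not help here."""
    sql = "SELECT name FROM users WHERE id = " + str(user_id) + " ORDER BY id"
    return [row[0] for row in conn.execute(sql)]


def user_by_id_typed(conn, user_id):
    """Hardened: cast to int first (raises ValueError for anything that is
    not an integer), then bind the value as a parameter."""
    uid = int(user_id)
    sql = "SELECT name FROM users WHERE id = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (uid,))]


def lookup_by_id_safely(conn, raw):
    """Failure mode handled: malformed input is rejected, never executed."""
    try:
        return user_by_id_typed(conn, raw)
    except ValueError:
        return []


if __name__ == "__main__":
    db = make_db()
    tampered_pw = "x' OR '1'='1"          # constructed malicious input
    print("vulnerable login:", login_vulnerable(db, "alice", tampered_pw))
    print("hardened login:  ", login_hardened(db, "alice", tampered_pw))
    print("vulnerable id:   ", user_by_id_vulnerable(db, "1 OR 1=1"))
    print("typed id:        ", lookup_by_id_safely(db, "1 OR 1=1"))
```

Running the script shows the vulnerable login returning every user for a wrong password while the parameterised version returns nothing, and the numeric lookup returning every row until the cast rejects the input. The numeric case is why type casting is its own countermeasure rather than a duplicate of escaping.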
Keywords: web hacking, vulnerability analysis, most critical vulnerabilities, SQL Injection, Local/Remote File Inclusion, Brute force attack, prevention techniques of web attack, hacking countermeasures.
1. INTRODUCTION
The Internet is a fascinating and multi-faceted technology. A survey by Internet World Stats states that the total population of the world is 7,017,846,922, and of these around 2,405,518,376 people are considered Internet users [2]. A survey by Netcraft in January 2013 found approximately 629,939,191 web sites hosted on servers. We are able to find almost any type of information; the Internet is like an open encyclopedia or acts like a news network. We are able to share information, send messages or establish communication with any person. But as per statistics, 60% of resources on the Internet are not safe.
Figure 1: Common Vulnerability Statistics [9]

As per the survey, 50% of websites are affected by cross-site scripting attacks, while 20% of websites are vulnerable to SQL injection attacks. 10% of websites are affected by inclusion vulnerabilities such as local and remote file inclusion attacks, while 20% of websites are vulnerable to
References

[1] January 2013 Web Server Survey, http://news.netcraft.com/ [opened on 11/01/2013]
[2] Internet Usage Statistics: The Internet Big Picture, World Internet Users and Population Stats, www.internetworldstats.com/stats.htm [opened on 11/01/2013]
[3] Ashikali M. Hasan, Hackers Eye with CD (English Edition), Computer World.
[4] Joel Scambray, Mike Shema, Hacking Exposed Web App, Tata McGraw-Hill Education, 2006, ISBN 978-0070619807
[5] Jason Andress, Ryan Linn, Coding for Penetration Testers: Building Better Tools, Elsevier, 2011, ISBN 978-1597497305
[6] Jeremiah Grossman, XSS Attacks: Cross Site Scripting Exploits and Defense, Syngress Media, Elsevier Limited, Oxford, 2007, ISBN 978-1597491549
[7] Ryan C. Barnett, Preventing Web Attacks with Apache, Addison-Wesley, 2006, ISBN 978-0321321282
[8] Denise Sutherland, Mark Koltko-Rivera, Cracking Codes and Cryptograms For Dummies, John Wiley & Sons, 2009, ISBN 978-0470591000
[9] National Vulnerability Database Version 2.2, http://nvd.nist.gov/ [visited on 27th Jan 2013]

AUTHORS
Assist. Prof. Parvin V. Ami holds an engineering degree in computer science and has completed her master's in Information Systems. She is currently working as an Assistant Professor at B.K Mehta IT Center. Her articles have been published in international journals. Her areas of interest are computer forensics, database security, penetration testing, system programming, e-commerce model design and implementation, network security and computer security.

Assist. Prof. S. C. Malav holds an engineering degree in computer science and has completed his master's in Computer Science. He is currently working as an Assistant Professor at B.K Mehta IT Center. His articles have been published in international journals. His areas of interest are database security, system programming, e-commerce applications and computer security.
7. CONCLUSION
In this paper we have highlighted the top five common but dangerous web application threats, which are SQL injection attacks, inclusion attacks, cross-site scripting attacks, brute force attacks and insecure cryptographic storage. Sometimes a simple mistake produces a risk that may harm the entire structure at a major level and