SQLI-XSS Attack (How to Detect and Countermeasures)
Adam Waluyo, M. Zhilal Agrayasa, Noni Fauziah
January 8, 2020
Abstract: SQL Injection (SQLI) and Cross-site scripting (XSS) attacks pose serious security threats and are used to break into web applications today. These attacks can lead to a total breach of the security and privacy of the clients of a particular web site. As web applications become more prevalent, web security becomes more and more important. The increasing dependence on web applications has made them a natural target for attackers. Among these attacks, SQL Injection Attacks (SQLIA) and the Cross-site scripting vulnerability, abbreviated as XSS, are common injection web vulnerabilities. A SQL injection attack consists of the insertion or "injection" of a SQL query via the input data sent from the client to the application. A successful SQL injection exploit can read sensitive data from the database and modify database data (Insert/Update/Delete). Exploitation of XSS vulnerabilities can hijack users' sessions; read, modify and delete business data of web applications; place malicious code in web applications; and use victims to attack other targeted servers. This paper review discusses SQLI and XSS attacks, their countermeasures, and how to recover from them, based on several international papers that we have read.
Keywords — SQL Injection (SQLI) Attacks, Cross-site scripting attack, Web security
Introduction: The security of web applications has become increasingly important in the last decade. More and more web-based enterprise applications deal with sensitive financial and medical data which, if compromised, can mean millions of dollars in damages in addition to downtime. It is crucial to protect these applications from hacker attacks. The survey of the Open Source Web Application Security Project (OWASP) states that SQLI and XSS attacks are the ones most widely performed. A SQL injection (SQLI) attack occurs when malicious SQL code is inserted into the input submitted by a user; the injected SQL executes if the input is not properly validated. Through SQLI queries or scripts an attacker can gain unauthorized access to the database, execute queries, and then perform data manipulation operations on it. The attack queries are constructed dynamically as part of the input. Apart from SQL injection, the other common attack found is XSS. This type of exploit targets the HTML output function that sends data to the browser. The basic idea behind XSS injection is to use special characters that cause the web browser's interpreter to switch from data context to code context. These special characters include the <script> tag, with which the attacker can invoke the JavaScript interpreter. Thus, the attacker can perform exploits on web pages such as web content manipulation, stealing user cookies, etc. The input sources manipulated by the attacker mainly include HTML forms, cookies and outgoing web pages. These attacks may compromise the security properties known as CIAA.
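As an added illustration of the data-versus-code confusion the introduction describes (example code written for this review, not taken from any of the cited papers): a concatenated query beside its parameterized counterpart, and output encoding for the XSS case. The users table and the inputs are constructed for the demo.

```python
import html
import sqlite3

# Constructed in-memory table so the example runs offline (not from the paper).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "alice@example.com"), ("bob", "bob@example.com")])
    return conn

def lookup_concat(conn, name):
    # Vulnerable pattern the review describes: user input becomes part of the SQL
    # text, so a quote character switches the parser from data context to code context.
    sql = "SELECT email FROM users WHERE name = '" + name + "'"
    return [row[0] for row in conn.execute(sql)]

def lookup_param(conn, name):
    # Countermeasure: a bound parameter is always data and is never parsed as SQL.
    sql = "SELECT email FROM users WHERE name = ?"
    return [row[0] for row in conn.execute(sql, (name,))]

def benign_apostrophe_breaks(conn, name="O'Brien"):
    # Even a harmless name with an apostrophe breaks the concatenated query; a burst
    # of SQL syntax errors in application logs is a cheap detection signal for this bug.
    try:
        lookup_concat(conn, name)
        return False
    except sqlite3.OperationalError:
        return True

def render_greeting(name):
    # XSS countermeasure: encode on output so '<' and '>' never leave data context.
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"

def demo():
    conn = make_db()
    tautology = "' OR '1'='1"                  # constructed test input
    leaked = lookup_concat(conn, tautology)    # concatenation: every email comes back
    safe = lookup_param(conn, tautology)       # parameter: no user has that literal name
    page = render_greeting("<script>alert(1)</script>")   # rendered as inert text
    return leaked, safe, page
```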