CIVD: detection of command injection vulnerabilities in web services through aspect-oriented programming

Authors:
V. Shanmughaneethi;Ra. Yagna Praveen;S. Swamynathan
Affiliations:
Department of Information Science & Technology, College of Engineering Guindy, Anna University, Chennai, Tamil Nadu, India.;Department of Information Science & Technology, College of Engineering Guindy, Anna University, Chennai, Tamil Nadu, India.;Department of Information Science & Technology, College of Engineering Guindy, Anna University, Chennai, Tamil Nadu, India
Venue:
International Journal of Computer Applications in Technology
Year:
2012

Citing 9
Cited 1

AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks

Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
Using parse tree validation to prevent SQL injection attacks

SEM '05 Proceedings of the 5th international workshop on Software engineering and middleware
The essence of command injection attacks in web applications

Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation

IEEE Transactions on Software Engineering
Effective Detection of SQL/XPath Injection Vulnerabilities in Web Services

SCC '09 Proceedings of the 2009 IEEE International Conference on Services Computing
Comparing the Effectiveness of Penetration Testing and Static Code Analysis on the Detection of SQL Injection Vulnerabilities in Web Services

PRDC '09 Proceedings of the 2009 15th IEEE Pacific Rim International Symposium on Dependable Computing
A SaaSI: an approved architecture for SaaS service composition

International Journal of Computer Applications in Technology
An e-mail filtering method based on multi-attribute values of user's profile

International Journal of Computer Applications in Technology
Defending against injection attacks through context-sensitive string evaluation

RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection

Role of aspect-oriented approach in dynamic adaptability

International Journal of Computer Applications in Technology

Quantified Score

Hi-index	0.00

Visualization

Abstract

Most internet applications are providing facilities through the web services. Due to its wide usage, these web services are exposed to severe vulnerabilities that can be uncovered and exploited by hackers. In these vulnerabilities, command injection is the most frequent type of attack that can take advantage of improperly designed applications. These attacks inject and execute commands specified by the attacker, allowing unauthorised access to database schema and critical data stored in data logic. In this paper, a new approach is proposed to effectively detect the command injection vulnerabilities such as SQL injection attacks, by validating the dynamically generated query that is to be executed in the database server. This approach involves Aspect Oriented Programming (AOP) technique, which is used for separating cross cutting concerns such as security from applications. The approach is effective since it uses a XML schema instead of existing methods for validation.