A Study of Attack on PHP and Web Security

Vijay Kumar, Devendra Patil, Nitin Maurya Published in Security

Communications on Applied Electronics
Year of Publication: 2015
© 2014 by CAE Journal
10.5120/cae-1518

Vijay Kumar, Devendra Patil and Nitin Maurya. Article: A Study of Attack on PHP and Web Security. Communications on Applied Electronics 1(4):1-13, March 2015. Published by Foundation of Computer Science, New York, USA. BibTeX

@article{key:article,
	author = {Vijay Kumar and Devendra Patil and Nitin Maurya},
	title = {Article: A Study of Attack on PHP and Web Security},
	journal = {Communications on Applied Electronics},
	year = {2015},
	volume = {1},
	number = {4},
	pages = {1-13},
	month = {March},
	note = {Published by Foundation of Computer Science, New York, USA}
}

Abstract

Hypertext Preprocessor (PHP) is a server-side scripting language very often used to develop web applications. Web applications play a major role in communication over the Internet and have grown very rapidly in recent years: every day billions of users rely on them to pay bills, shop, carry out transactions, send email and use social networks. Although web applications are very effective and save time, they also carry security threats, and today most applications face problems of security and data integrity. This study surveys the different types of attack possible against web applications developed in PHP, how such attacks can be anticipated, and how they can be prevented in the future.
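As an added illustration of the kind of attack and prevention the study surveys (example code written for this page, not taken from the paper), the block below shows two of the most common PHP web-application flaws, SQL injection and cross-site scripting, as a vulnerable handler next to its hardened form. The `users` table, its columns, the function names and the sample data are assumptions made for the example; it runs stand-alone with PHP's bundled `pdo_sqlite` driver.

```php
<?php
declare(strict_types=1);

// Added example, not code from the paper. Table/column names, function names
// and sample rows are assumptions; pdo_sqlite is assumed to be available.

// --- Vulnerable: untrusted input concatenated into SQL and echoed raw into HTML ---
function findUserVulnerable(PDO $db, string $username): ?array
{
    // With $username = "' OR '1'='1" the query text becomes
    //   ... WHERE username = '' OR '1'='1'
    // so the attacker's input is parsed as SQL and matches every row.
    $sql = "SELECT id, username FROM users WHERE username = '$username'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function renderGreetingVulnerable(string $username): string
{
    // A value containing <script>...</script> is emitted as markup, so the
    // browser executes it in the origin of this application (cookie theft etc.).
    return "<p>Welcome, $username</p>";
}

// --- Hardened: bound parameter for SQL, context-specific encoding for HTML ---
function findUserSafe(PDO $db, string $username): ?array
{
    // The value is sent separately from the query text, so whatever it contains
    // is compared as a literal string and can never change the statement.
    $stmt = $db->prepare('SELECT id, username FROM users WHERE username = :u');
    $stmt->execute([':u' => $username]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

function renderGreetingSafe(string $username): string
{
    // ENT_QUOTES encodes < > & " ' for an HTML element context; ENT_SUBSTITUTE
    // replaces invalid UTF-8 instead of returning an empty string.
    $escaped = htmlspecialchars($username, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return "<p>Welcome, $escaped</p>";
}

// --- Demonstration on an in-memory SQLite database (constructed sample data) ---
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT NOT NULL)');
$db->exec("INSERT INTO users (username) VALUES ('alice'), ('bob')");

$sqliPayload = "' OR '1'='1";
var_dump(findUserVulnerable($db, $sqliPayload)); // the injected OR clause matches a real user
var_dump(findUserSafe($db, $sqliPayload));       // no user is literally named ' OR '1'='1

$xssPayload = '<script>alert(document.cookie)</script>';
echo renderGreetingVulnerable($xssPayload), PHP_EOL; // script tag passed through to the page
echo renderGreetingSafe($xssPayload), PHP_EOL;       // tag characters encoded, shown as text
```

The two fixes are deliberately different in kind: SQL injection is removed by keeping data out of the query text altogether (prepared statements), while XSS is removed by encoding for the exact output context (here an HTML element body; attribute, JavaScript or URL contexts need their own encoders). Input validation is a useful extra layer but is not a substitute for either.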

Keywords

Threats, vulnerability, cross-site scripting, server-side scripting, security attacks, security breaches, session hijacking, cookie theft.