CIVD: detection of command injection vulnerabilities in web services through aspect-oriented programming Online publication date: Mon, 29-Oct-2012
by V. Shanmughaneethi; Ra. Yagna Praveen; S. Swamynathan
International Journal of Computer Applications in Technology (IJCAT), Vol. 44, No. 4, 2012
Abstract: Most internet applications are providing facilities through the web services. Due to its wide usage, these web services are exposed to severe vulnerabilities that can be uncovered and exploited by hackers. In these vulnerabilities, command injection is the most frequent type of attack that can take advantage of improperly designed applications. These attacks inject and execute commands specified by the attacker, allowing unauthorised access to database schema and critical data stored in data logic. In this paper, a new approach is proposed to effectively detect the command injection vulnerabilities such as SQL injection attacks, by validating the dynamically generated query that is to be executed in the database server. This approach involves Aspect Oriented Programming (AOP) technique, which is used for separating cross cutting concerns such as security from applications. The approach is effective since it uses a XML schema instead of existing methods for validation.
Online publication date: Mon, 29-Oct-2012
If you are not a subscriber and you just want to read the full contents of this article, buy online access here.Complimentary Subscribers, Editors or Members of the Editorial Board of the International Journal of Computer Applications in Technology (IJCAT):
Login with your Inderscience username and password:
Want to subscribe?
A subscription gives you complete access to all articles in the current issue, as well as to all articles in the previous three years (where applicable). See our Orders page to subscribe.
If you still need assistance, please email email@example.com