Research Papers - Dept of Computer Systems Engineering

Permanent URI for this collection https://rda.sliit.lk/handle/123456789/1253

  • Publication (Embargo)
    Identification and Mitigation Tool for Sql Injection Attacks (SQLIA)
    (IEEE, 2020-11-26) Rankothge, W. H; Randeniya, M; Samaranayaka, V
    Structured Query Language Injection Attack (SQLIA) is a very frequent web security vulnerability. The attacker adds malicious Structured Query Language (SQL) code to the input field of a web form, so that he can gain access to data or make unauthorized changes to data. A successful malicious SQL injection causes serious consequences to the victimized organization, such as financial loss, reputation loss, compliance, and regulatory breaches. There have been several research works on detection and prevention of SQL injection attacks. However, there is still an absence of an advanced single tool for both identification and mitigation of SQL injection attacks. We have proposed an approach to identify and mitigate SQL injection attacks using a single tool, and it allows software testers to identify the SQL injection vulnerabilities of their web applications during the testing stages. The proposed approach is based on parameterized queries and user input validation. Our results show that the tool provides 100% accurate and efficient results on identification and mitigation of SQL vulnerabilities.
  • Publication (Embargo)
    Identification and Mitigation Tool For Cross-Site Request Forgery (CSRF)
    (IEEE, 2020-12-01) Rankothge, W. H; Randeniya, S M. N
    Most organizations use web applications for sharing resources and communication via the internet, and information security is one of the biggest concerns in most organizations. Web applications are becoming vulnerable to threats and malicious attacks every day, which lead to violation of confidentiality, integrity, and availability of information assets. We have proposed and implemented a new automated tool for the identification and mitigation of Cross-Site Request Forgery (CSRF) vulnerability. A secret token pattern has been used in the automated tool, which applies an effective security mechanism on PHP-based web applications, without damaging the content and its functionalities, where the authenticated users can perform web activities securely.