A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm

Abstract Structured Query Language (SQL) injection and cross-site scripting remain a major threat to data-driven web applications. Instances where hackers obtain unrestricted access to back-end database of web applications so as to steal, edit, and destroy confidential data are increasing. Therefore...


Bibliographic Details
Main Authors: Oluwakemi Christiana Abikoye, Abdullahi Abubakar, Ahmed Haruna Dokoro, Oluwatobi Noah Akande, Aderonke Anthonia Kayode
Format: Article
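Language: English
Published: SpringerOpen 2020-08-01
Series: EURASIP Journal on Information Security
Subjects: SQL injection; Cross-site scripting; Information security; Web application vulnerability; Knuth-Morris-Pratt (KMP) string matching algorithm
Online Access: http://link.springer.com/article/10.1186/s13635-020-00113-y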
collection DOAJ
description Abstract: Structured Query Language (SQL) injection and cross-site scripting remain a major threat to data-driven web applications. Instances where hackers obtain unrestricted access to back-end database of web applications so as to steal, edit, and destroy confidential data are increasing. Therefore, measures must be put in place to curtail the growing threats of SQL injection and XSS attacks. This study presents a technique for detecting and preventing these threats using Knuth-Morris-Pratt (KMP) string matching algorithm. The algorithm was used to match user’s input string with the stored pattern of the injection string in order to detect any malicious code. The implementation was carried out using PHP scripting language and Apache XAMPP Server. The security level of the technique was measured using different test cases of SQL injection, cross-site scripting (XSS), and encoded injection attacks. Results obtained revealed that the proposed technique was able to successfully detect and prevent the attacks, log the attack entry in the database, block the system using its MAC address, and also generate a warning message. Therefore, the proposed technique proved to be more effective in detecting and preventing SQL injection and XSS attacks.
first_indexed 2024-12-10T22:03:02Z
format Article
id doaj.art-27372f01abe34aea9ad7f516f9739556
institution Directory Open Access Journal
issn 2510-523X
language English
last_indexed 2024-12-10T22:03:02Z
publishDate 2020-08-01
publisher SpringerOpen
record_format Article
series EURASIP Journal on Information Security
Author affiliations: Oluwakemi Christiana Abikoye (Department of Computer Science, University of Ilorin); Abdullahi Abubakar (Department of Computer Science, University of Ilorin); Ahmed Haruna Dokoro (Computer Science Department, Gombe State Polytechnic); Oluwatobi Noah Akande (Computer Science Department, Landmark University); Aderonke Anthonia Kayode (Computer Science Department, Landmark University)
topic SQL injection
Cross-site scripting
Information security
Web application vulnerability
Knuth-Morris-Pratt (KMP) string matching algorithm
url http://link.springer.com/article/10.1186/s13635-020-00113-y