Mona Alsalamah; Huda Alwabli; Hutaf Alqwifli; Dina M. Ibrahim
Abstract
The functionality of web-based systems can be affected by many threats. In fact, web-based systems provide several services built on databases. This makes them prone to Structured Query Language (SQL) injection attacks. For that reason, many research efforts have been made to deal with such attacks. The majority of the protection techniques adopt a defence strategy which results in providing, in extreme response time, a lot of positive rates. Indeed, SQL injection is always a serious challenge for web-based systems. This kind of attack is still attractive for hackers and it is growing. For that reason, much research has been proposed to deal with this issue. The proposed techniques are essentially based on statistical or dynamic approaches, or use machine learning or even deep learning. This paper discusses and reviews the existing techniques used to detect and prevent SQL injection attacks. In addition, it outlines challenges, open issues and future trends of solutions in this context.
Hanan Aljoaey; Khawla Almutawa; Ruyuf Alabdali; Dina M. Ibrahim
Abstract
Web application protection is today’s most important battleground between victim, intruder, and web service resource. User authentication tends to be critical when a legitimate user of the web application abruptly ends contact while the session is still active, and an unauthorized user chooses the same session to gain access to the device. For many corporations, risk detection is still a problem. In other cases, it is a usual way of operating that provides the requisite protection to keep the product free of weaknesses. Using various types of software to identify different security vulnerabilities assists both developers and organizations in securely launching applications, saving time and money. Different combinations of tools have been seen to enhance protection in recent years, but it has not been possible to combine the types of tools available on the market until the writing of this report. The aim of this paper is to clarify vulnerabilities in broken authentication and session management. It is worth noting that if the creator practices the preventive techniques outlined in this article, the chances of the exploitation being discussed are reduced. This paper revealed that the most powerful ways to exploit the Broken Authentication and Session Management vulnerabilities of the web application in those domains are the Session Misconfiguration assault and Cracking/Guessing Weak Password. Correspondingly, it includes techniques to defend authentication, the most important of which are using a robust encryption system, setting password rules, and securing the session ID.
Afnan Alotaibi; Lujain Alghufaili; Dina M. Ibrahim
Abstract
At the present time, web applications are growing constantly across society with the development of communication technology. The utilization of the WWW (World Wide Web) has expanded and increased since it provides many services, such as sharing data, staying connected and other services. As a consequence, these numerous web application users are susceptible to cybersecurity breaches intended to steal sensitive information or crash the users’ systems, etc. In particular, the most common vulnerability today in web applications is the Cross-Site Scripting (XSS) attack. Furthermore, online cyber attacks utilizing cross-site scripting were responsible for 40% of the attack instances that struck enterprises in North America and Europe in 2019. Therefore, cross-site scripting is a form of injection that targets both vulnerable and non-vulnerable websites, for the injection of malicious scripts. Cross-site scripting (XSS) operates by directing users to a vulnerable website that contains malicious JavaScript. Then, when malicious code runs in a victim’s browser, the attacker has complete control over how they interact with the application. In order to protect a website or prevent XSS, the application complexity and the way it handles data must be known so it could be controlled by the user. However, detecting XSS effectively is still a work in progress and XSS is considered a gateway for various attacks. In this paper, we introduce the XSS attack and the forms of XSS as a review paper, in addition to the methods and techniques that help to detect cross-site scripting (XSS) attacks.
Ehab Khatter; Dina Ibrahim
Abstract
Time saving and energy consumption have become vital issues that attract the attention of researchers in the field of Underwater Wireless Sensor Networks (UWSNs). Accordingly, there is a strong need to improve the performance of MAC protocols in UWSNs, particularly enhancing the effectiveness of the ALOHA protocol. In this paper, a time-saving Aloha protocol with slotted carrier sense is proposed, which we call the ST-Slotted-CS-ALOHA protocol. The results of the simulation demonstrate that our proposed protocol can save time and decrease the average delay when compared with the other protocols. Moreover, it decreased energy consumption and raised the ratio of throughput. However, the number of dropped nodes does not give better results compared to other protocols.