Iranian Society of Cryptology, The ISC International Journal of Information Security, ISSN 2008-2045, Volume 13, Issue 3, 2021-11-01
Title: A Review Study on SQL Injection Attacks, Prevention, and Detection
Pages: 1-10
Article ID: 150514
DOI: 10.22042/isecure.2021.0.0.0
Language: EN
Authors:
Mona Alsalamah, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Huda Alwabli, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Hutaf Alqwifli, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Dina M. Ibrahim, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Computers and Control Engineering Department, Faculty of Engineering, Tanta University, Tanta, Egypt. ORCID: 0000-0002-7775-0577
Journal Article, 2021-05-28
Abstract: The functionality of web-based systems can be affected by many threats. In fact, web-based systems provide several services built on databases. This makes them prone to Structured Query Language (SQL) injection attacks. For that reason, many research efforts have been made to deal with such attacks. The majority of the protection techniques adopt a defence strategy which results in providing, in extreme response time, a lot of positive rates. Indeed, SQL injection attacks are always a serious challenge for web-based systems. This kind of attack is still attractive for hackers and it is in growing progress. For that reason, much research has been proposed to deal with this issue. The proposed techniques are essentially based on statistical or dynamic approaches, or on machine learning or even deep learning. This paper discusses and reviews the existing techniques used to detect and prevent SQL injection attacks. In addition, it outlines challenges, open issues and future trends of solutions in this context.
https://www.isecure-journal.com/article_150514_26a04a49ab9a0b5a9ecf9f0ce005ca06.pdf

Iranian Society of Cryptology, The ISC International Journal of Information Security, ISSN 2008-2045, Volume 13, Issue 3, 2021-11-01
Title: Broken Authentication and Session Management Vulnerabilities
Pages: 11-19
Article ID: 150521
DOI: 10.22042/isecure.2021.0.0.0
Language: EN
Authors:
Hanan Aljoaey, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Khawla Almutawa, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Ruyuf Alabdali, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Dina M. Ibrahim, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Computers and Control Engineering Department, Faculty of Engineering, Tanta University, Tanta, Egypt. ORCID: 0000-0002-7775-0577
Journal Article, 2021-05-28
Abstract: Web application protection is today’s most important battleground between victim, intruder, and web service resource. User authentication tends to be critical when a legitimate user of the web application abruptly ends contact while the session is still active, and an unauthorized user chooses the same session to gain access to the device. For many corporations, risk detection is still a problem. In other cases, it is a usual way of operating that provides the requisite protection to keep the product free of weaknesses. Using various types of software to identify different security vulnerabilities assists both developers and organizations in securely launching applications, saving time and money. Different combinations of tools have been seen to enhance protection in recent years, but it has not been possible to combine the types of tools available on the market until the writing of this report. The aim of this paper is to clarify vulnerabilities in broken authentication and session management. It is worth noting that if the creator practices the preventive techniques outlined in this article, the chances of exploitation being discussed are reduced. This paper revealed that the most powerful ways to exploit the Broken Authentication and Session Management vulnerabilities of the web application in those domains are the Session Misconfiguration assault and Cracking/Guessing Weak Password.
Correspondingly, techniques to defend authentication are included; the most important are using a robust encryption system, setting password rules, and securing the session ID.
https://www.isecure-journal.com/article_150521_d37656d499dfb64032c217e98da784bc.pdf

Iranian Society of Cryptology, The ISC International Journal of Information Security, ISSN 2008-2045, Volume 13, Issue 3, 2021-11-01
Title: Cross Site Scripting Attack Review
Pages: 21-30
Article ID: 150531
DOI: 10.22042/isecure.2022.0.0.0
Language: EN
Authors:
Afnan Alotaibi, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Lujain Alghufaili, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Dina M. Ibrahim, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Computers and Control Engineering Department, Faculty of Engineering, Tanta University, Tanta, Egypt. ORCID: 0000-0002-7775-0577
Journal Article, 2021-05-28
Abstract: At the present period of time, web applications are growing constantly in the whole society with the development of communication technology. The utilization of the WWW (World Wide Web) has expanded and increased since it provides many services, such as sharing data, staying connected, and other services. As a consequence, these numerous web application users are susceptible to cybersecurity breaches that aim to steal sensitive information or crash the users’ systems, etc. In particular, the most common vulnerability today in web applications is the Cross-Site Scripting (XSS) attack. Furthermore, online cyber attacks utilizing cross-site scripting were responsible for 40% of the attack instances that struck enterprises in North America and Europe in 2019. Therefore, cross-site scripting is a form of injection that targets both vulnerable and non-vulnerable websites, for the injection of malicious scripts. Cross-site scripting (XSS) operates by directing users to a vulnerable website that contains malicious JavaScript. Then, when malicious code runs in a victim’s browser, the attacker has complete control over how they interact with the application. In order to protect a website or prevent XSS, the application complexity and the way it handles data must be known so it could be controlled by the user. However, detecting XSS effectively is still a work in progress and XSS is considered a gateway for various attacks. However, in this paper, we will introduce the XSS attack and the forms of XSS as a review paper.
In addition, the methods and techniques that help to detect cross-site scripting (XSS) attacks are introduced.
https://www.isecure-journal.com/article_150531_d4e392fc8318342daebeb42ee8440fd9.pdf

Iranian Society of Cryptology, The ISC International Journal of Information Security, ISSN 2008-2045, Volume 13, Issue 3, 2021-11-01
Title: Secure Coding Guidelines — Python
Pages: 31-38
Article ID: 150541
DOI: 10.22042/isecure.2021.13.3.0
Language: EN
Authors:
Mohammad Ali A. Hammoudeh, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Renad Ibrahim, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Lama Alshraryan, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Manar Alnomise, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Ragad Alhumidan, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Journal Article, 2021-05-28
Abstract: Recently, the interest in cybercrime and cybersecurity has increased dramatically both in terms of critical security issues and national economic information infrastructure and sensitive dealing policies, such as protection and data privacy. Moreover, the growing threat of cybersecurity has prompted the kingdom to pay more attention to its national cybersecurity strategy as the state embarks on a Vision 2030 plan, which aims to diversify the economy and create new jobs. Therefore, any computer system always has security threats, which are considered a big problem, and this includes application codes as demand increases. The paper aims to give detailed information about secure coding with Python and present security guidelines and considerations in different disciplines. It focuses on giving an overview of the authentication methods used in applications (code) and showing program security mistakes that introduce vulnerabilities (e.g., SQL injection).
We review the new user authentication techniques, making it easier for the manager to choose the appropriate techniques for his organization by understanding the way they work, their advantages, and disadvantages. The administrator can integrate these mechanisms in a manner that is appropriate for his security plan. This will be useful for programmers and users to keep their codes and applications more secure and viable for usage in sensitive environments.
https://www.isecure-journal.com/article_150541_a9f0526e45cd43bc510cc2945ddfcf80.pdf

Iranian Society of Cryptology, The ISC International Journal of Information Security, ISSN 2008-2045, Volume 13, Issue 3, 2021-11-01
Title: Data Enhancement for Date Fruit Classification Using DCGAN
Pages: 39-48
Article ID: 150544
DOI: 10.22042/isecure.2021.13.3.0
Language: EN
Authors:
Norah Alajlan, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Meshael Alyahya, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Noorah Alghasham, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Dina M. Ibrahim, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Computers and Control Engineering Department, Faculty of Engineering, Tanta University, Tanta, Egypt.
Journal Article, 2021-05-28
Abstract: Date fruits are considered essential food and the most important agricultural crop in Saudi Arabia. Saudi Arabia produces many types of dates per year. Collecting large data for date fruits is a difficult and time-consuming task; besides, some of the date types are seasonal. A convolutional neural network (CNN) model needs large datasets to achieve high classification accuracy and avoid the overfitting problem. In this paper, an augmented date fruits dataset was developed using deep convolutional generative adversarial networks techniques (DCGAN). The dataset contains 600 images for three varieties of dates (Sukkari, Suggai and Ajwa). The performance of DCGAN was evaluated using Keras and MobileNet models. An extensive simulation shows that classification using DCGAN with the MobileNet model achieved 88% accuracy, whilst the Keras model achieved 44%. Besides, MobileNet achieved better classification in the original dataset.
https://www.isecure-journal.com/article_150544_73ef57e6d2023c1fffa1848555a0a6ba.pdf

Iranian Society of Cryptology, The ISC International Journal of Information Security, ISSN 2008-2045, Volume 13, Issue 3, 2021-11-01
Title: Forensic-Enabled Security as a Service (FESaaS) - A Readiness Framework for Cloud Forensics
Pages: 49-57
Article ID: 150546
DOI: 10.22042/isecure.2021.0.0.0
Language: EN
Authors:
Wedad Alawad, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Awatef Balobaid, College of Computer Science and Information Technology, Jazan University, Jazan, Saudi Arabia.
Journal Article, 2021-05-28
Abstract: Digital forensics is a process of uncovering and exploring evidence from digital content. A growth in digital data in recent years has made it challenging for forensic investigators to uncover useful information. Moreover, the applied use of cloud computing has increased significantly in the past few years and has introduced new challenges to forensic experts.
Cloud forensics assists organizations that exercise due diligence and comply with the requirements related to sensitive information protection, maintain the records required for audits, and notify concerned parties when confidential information is compromised or exposed. One of the problems with cloud forensics is the limitation of cloud forensic models and guidelines. The aim of this project is to propose a new cloud forensic model that will help investigators and cloud service providers achieve digital forensic readiness within the cloud environment. To achieve this goal, we have studied and compared different forensic process models to determine their limitations. Based on the results of this comparative study, a new cloud forensic framework, Forensic-enabled Security as a Service (FESaaS), is presented. The security and forensic layers are aggregated to discover evidence in the proposed framework. Compared to other cloud forensic frameworks, our framework deals with live data, reports, and logs. Thus, it is sufficient and provides the capability for rapid response.
https://www.isecure-journal.com/article_150546_814723f8cf7d9f0fd67dac3a3e6e3cd1.pdf

Iranian Society of Cryptology, The ISC International Journal of Information Security, ISSN 2008-2045, Volume 13, Issue 3, 2021-11-01
Title: Open Web Application Security Project Components with Known Vulnerabilities: A Comprehensive Study
Pages: 59-67
Article ID: 150547
DOI: 10.22042/isecure.2021.0.0.0
Language: EN
Authors:
Mohammed S. Albulayhi, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Dina M. Ibrahim, Department of Information Technology, College of Computer, Qassim University, Buraydah, Saudi Arabia.
Computers and Control Engineering Department, Faculty of Engineering, Tanta University, Tanta, Egypt.
Journal Article, 2021-05-28
Abstract: The Open Web Application Security Project (OWASP) is a nonprofit organization battling for the improvement of software protection and enhancing the security of web applications.
Moreover, its goal is to make application security “accessible” so that individuals and organizations can make educated decisions about security threats. The OWASP is a repository of tools and standards for web security study. OWASP released an annual listing of the top 10 most common vulnerabilities on the web in 2013 and 2017. This research paper proposed a comprehensive study on the Components with known vulnerabilities attack, which is the ninth attack (A9) among the top 10 vulnerabilities. Components with known vulnerabilities are the third-party components that the focal system uses as authentication frameworks. Depending on the vulnerability, it could range from subtle to seriously bad. This danger arises because the app’s modules, like libraries and frameworks, are almost always run with the highest privileges. If a compromised aspect is abused, the hacker’s task of causing significant loss of information or server takeover is easier.
https://www.isecure-journal.com/article_150547_985ced4394fd552634a84f2cc6a7f494.pdf

Iranian Society of Cryptology, The ISC International Journal of Information Security, ISSN 2008-2045, Volume 13, Issue 3, 2021-11-01
Title: Human Activity Recognition Based on Multi-Sensors in a Smart Home Using Deep Learning
Pages: 69-78
Article ID: 151044
DOI: 10.22042/isecure.2021.13.3.0
Language: EN
Authors:
Musbah Aqel, Arab University College of Technology, Amman, Jordan.
Munsif Sokiyna, Department of Information Systems, Statistics, and Management Science, University of Alabama, Tuscaloosa, United States. ORCID: 0000-0001-5177-7395
Journal Article, 2021-06-08
Abstract: Tracking or taking care of elderly people when they live alone is a very challenging area. Most aged people suffer from health issues like Alzheimer’s, diabetes, and hypertension, and in case of any abnormal activity or emergency situation, since they live alone, there is no one around them to offer any support, so one of the best choices for caring for elderly people is focusing on smart home technology.
Also, one of the essential keys to expanding smart home technology is monitoring, detecting, and recognizing human activities, called Ambient Assisted Living (AAL) applications. Nowadays our world focuses heavily on smart systems because a smart system can learn the habits, and if it finds any problem or any abnormal happenings, it can take automated decisions for residents; for example, by learning cooking time, the system can prepare the oven, and by learning the spare time which the resident spends watching, the system can prepare the TV and also set it to the residents’ favorite channel. To do this, new and existing established machine learning and deep learning approaches are required to estimate the system, focusing on using real data sets. So, this study presents machine learning to analyze activities of daily living (ADL) in smart home environments. The data sets were collected from a set of binary sensors installed in two houses. This study used public data sets for detecting and recognizing human activities. The data set was tested based on machine learning classification: Support Vector Machines (SVM) was applied as a traditional neural network, and for deep learning, 1D-CNN as a Convolutional Neural Network (CNN) and Long Short-Term Memory (LSTM) as a Recurrent Neural Network (RNN) were used. Also, a sliding window (windowing) was used in the preprocessing phase. The study concludes that all the algorithms used can detect some activities perfectly, but on the other hand they can’t predict all activities perfectly, especially those activities that take a short time; the main key for this situation is imbalanced data.
https://www.isecure-journal.com/article_151044_009f0af079ecc8995ce530b84f6bbb4b.pdf