Risk assessment of code injection vulnerabilities using fuzzy logic-based system

Jain

International Journal of Electrical Engineering & Education

2019

“…low, medium, and high. 7 Now it is time to define membership function for each linguistic variable. A membership function (denoted by the…”

Section: A Fuzzification Of Inputsmentioning

confidence: 99%

Section: A Fuzzification Of Inputsmentioning

confidence: 99%

RETRACTED: A quantitative risk analysis methodology for the security of web application database against SQL injection (SQLi) attacks utilizing fuzzy logic system as computational technique

Jain

International Journal of Electrical Engineering & Education

2019

Proceedings of the International Conference on Computer Networks and Communication Technology (CNCT 2016)

“…Meanwhile, inputs leading to Web applications' data flow and control flow variability, which make it difficult to accurately obtain injection points' information, especially for the hidden interfaces. Therefore, new mathematical methods such as fuzzy logic, threat modeling are introduced to evaluate potential risk of injection vulnerabilities [33,35].…”

Section: Key Technologies Of Xss Attack Detection Injection Point Anamentioning

confidence: 99%

Review of XSS Attack and Detection on Web Applications

Zhao¹,

Wang²,

Ding³

2017

Abstract. Aiming at the difficulties to prevent Web applications to be maliciously injected which are increased by all kinds of dynamic Web technologies applied, concentrate on XSS attack, this paper reviews the research progresses of Web application injection vulnerabilities detection in recent years. It summarizes the classification and causes of the XSS injection security vulnerabilities, analyzes the complexity of security vulnerabilities detection; then proposes the key technologies of the existing detection approached, including analyzing and identifying the injection points, injection detection by software analysis and testing, symbolic execution, taint analysis; finally presents its future development direction.

“…There are some research works that involve the use of fuzzy logic for generating attack samples. The Fuzzy Logic System (FLS), introduced by Shahriar et al [24], utilizes input from different attack types, described as top threats in Open Worldwide Application Security Project (OWASP) web attacks, and risk assessment models, to generate attack payloads. These payloads can be tested against PHP-based applications, to check the security risk level of different applications.…”

Section: Introductionmentioning

confidence: 99%

Generative Adversarial Network (GAN)-Based Autonomous Penetration Testing for Web Applications

Chowdhary,

Jha,

Zhao

2023

Sensors

The web application market has shown rapid growth in recent years. The expansion of Wireless Sensor Networks (WSNs) and the Internet of Things (IoT) has created new web-based communication and sensing frameworks. Current security research utilizes source code analysis and manual exploitation of web applications, to identify security vulnerabilities, such as Cross-Site Scripting (XSS) and SQL Injection, in these emerging fields. The attack samples generated as part of web application penetration testing on sensor networks can be easily blocked, using Web Application Firewalls (WAFs). In this research work, we propose an autonomous penetration testing framework that utilizes Generative Adversarial Networks (GANs). We overcome the limitations of vanilla GANs by using conditional sequence generation. This technique helps in identifying key features for XSS attacks. We trained a generative model based on attack labels and attack features. The attack features were identified using semantic tokenization, and the attack payloads were generated using conditional sequence GAN. The generated attack samples can be used to target web applications protected by WAFs in an automated manner. This model scales well on a large-scale web application platform, and it saves the significant effort invested in manual penetration testing.