Research Article

A Study of Attack on PHP and Web Security

by Vijay Kumar, Devendra Patil, Nitin Maurya
Communications on Applied Electronics
Foundation of Computer Science (FCS), NY, USA
Volume 1 - Number 4
Year of Publication: 2015
10.5120/cae-1518

Vijay Kumar, Devendra Patil, Nitin Maurya. A Study of Attack on PHP and Web Security. Communications on Applied Electronics. 1, 4 (March 2015), 1-13. DOI=10.5120/cae-1518

@article{ 10.5120/cae-1518,
author = { Vijay Kumar, Devendra Patil, Nitin Maurya },
title = { A Study of Attack on PHP and Web Security },
journal = { Communications on Applied Electronics },
issue_date = { March 2015 },
volume = { 1 },
number = { 4 },
month = { March },
year = { 2015 },
issn = { 2394-4714 },
pages = { 1-13 },
numpages = {9},
url = { https://www.caeaccess.org/archives/volume1/number4/319-1518/ },
doi = { 10.5120/cae-1518 },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Journal Article
%1 2023-09-04T18:37:33.446200+05:30
%A Vijay Kumar
%A Devendra Patil
%A Nitin Maurya
%T A Study of Attack on PHP and Web Security
%J Communications on Applied Electronics
%@ 2394-4714
%V 1
%N 4
%P 1-13
%D 2015
%I Foundation of Computer Science (FCS), NY, USA

Abstract

Hypertext Preprocessor (PHP) is a server-side scripting language very often used to develop web applications. Web applications are of great importance for communication over the internet and have grown very quickly in recent years. Every day, billions of users rely on these web applications on the internet to pay bills, shop, make transactions, send email and use social networks. Although web applications are very effective and time-saving, security threats are also present. Nowadays most applications face problems of security and data integrity. This study describes the different types of possible attacks on web applications developed using PHP, and how such attacks can be anticipated and prevented in future.

Index Terms

Computer Science
Information Sciences

Keywords

Threats, vulnerability, cross scripting, server side scripting, security attacks, security breaches, session hijacking, cookies theft.