Open Access

ARTICLE

Web Attack Detection Using the Input Validation Method: DPDA Theory

Osamah Ibrahim Khalaf¹, Munsif Sokiyna^2,*, Youseef Alotaibi³, Abdulmajeed Alsufyani⁴, Saleh Alghamdi⁵

1 Al-Nahrain University, Al-Nahrain Nano Renewable Energy Research Center, Baghdad, Iraq
2 Department of Management Information Systems, Faculty of Science & Information Technology, Cyprus International University, Nicosia, Cyprus
3 Department of Computer Science, College of Computers and Information Systems, Umm Al-Qura University, Makkah, Saudi Arabia
4 Department of Computer Science, College of Computers and Information Technology, Taif University, Taif, 21944, Saudi Arabia
5 Department of Information Technology College of Computers and Information Technology, Taif University, Taif, 21944, Saudi Arabia

* Corresponding Author: Munsif Sokiyna. Email:

Computers, Materials & Continua 2021, 68(3), 3167-3184. https://doi.org/10.32604/cmc.2021.016099

Received 22 December 2020; Accepted 12 March 2021; Issue published 06 May 2021

Abstract

A major issue while building web applications is proper input validation and sanitization. Attackers can quickly exploit errors and vulnerabilities that lead to malicious behavior in web application validation operations. Attackers are rapidly improving their capabilities and technologies and now focus on exploiting vulnerabilities in web applications and compromising confidentiality. Cross-site scripting (XSS) and SQL injection attack (SQLIA) are attacks in which a hacker sends malicious inputs (cheat codes) to confuse a web application, to access or disable the application’s back-end without user awareness. In this paper, we explore the problem of detecting and removing bugs from both client-side and server-side code. A new idea that allows assault detection and prevention using the input validation mechanism is introduced. In addition, the project supports web security tests by providing easy-to-use and accurate models of vulnerability prediction and methods for validation. If these attributes imply a program statement that is vulnerable in an SQLIA, this can be evaluated and checked for a set of static code attributes. Additionally, we provide a script whitelisting interception layer built into the browser’s JavaScript engine, where the SQLIA is eventually detected and the XSS attack resolved using the method of input validation and script whitelisting under pushdown automatons. This framework was tested under a scenario of an SQL attack and XSS. It is demonstrated to offer an extensive improvement over the current framework. The framework’s main ability lies in the decrease of bogus positives. It has been demonstrated utilizing new methodologies, nevertheless giving unique access to sites dependent on the peculiarity score related to web demands. Our proposed input validation framework is shown to identify all anomalies and delivers better execution in contrast with the current program.

---

Keywords

---

Citations