首页    期刊浏览 2024年12月03日 星期二
登录注册

文章基本信息

  • 标题:A novel technique to prevent SQL injection and cross-site scripting attacks using Knuth-Morris-Pratt string match algorithm
  • 本地全文:下载
  • 作者:Oluwakemi Christiana Abikoye ; Abdullahi Abubakar ; Ahmed Haruna Dokoro
  • 期刊名称:EURASIP Journal on Information Security
  • 印刷版ISSN:1687-4161
  • 电子版ISSN:1687-417X
  • 出版年度:2020
  • 卷号:2020
  • 期号:1
  • 页码:1
  • DOI:10.1186/s13635-020-00113-y
  • 出版社:Hindawi Publishing Corporation
  • 摘要:Structured Query Language (SQL) injection and cross-site scripting remain a major threat to data-driven web applications. Instances where hackers obtain unrestricted access to back-end database of web applications so as to steal, edit, and destroy confidential data are increasing. Therefore, measures must be put in place to curtail the growing threats of SQL injection and XSS attacks. This study presents a technique for detecting and preventing these threats using Knuth-Morris-Pratt (KMP) string matching algorithm. The algorithm was used to match user’s input string with the stored pattern of the injection string in order to detect any malicious code. The implementation was carried out using PHP scripting language and Apache XAMPP Server. The security level of the technique was measured using different test cases of SQL injection, cross-site scripting (XSS), and encoded injection attacks. Results obtained revealed that the proposed technique was able to successfully detect and prevent the attacks, log the attack entry in the database, block the system using its mac address, and also generate a warning message. Therefore, the proposed technique proved to be more effective in detecting and preventing SQL injection and XSS attacks
  • 关键词:SQL injection ; Cross-site scripting ; Information security ; Web application vulnerability ; Knuth-Morris-Pratt (KMP) string matching algorithm
国家哲学社会科学文献中心版权所有