Modi Nilesh - Proceedings of International Conference on Communication and Networks: ComNet 2016

Contents (front matter and first chapter): Preface; Organising Committee; Core Committee; Organising Committee; Program Committee; Contents; About the Editors; 1 A Novice Approach for Web Application Security; Abstract; 1 Introduction; 2 Literature Survey; 3 Problem Statement; 4 Proposed Model: Model for Remote Database Health Check; 4.1 Objectives of Model; 4.2 Overview; 5 Testing; 5.1 Testing Environment; 5.2 Test Scenarios; 6 Results; 6.1 Results; 6.2 Performance; 6.3 Comparison; 6.4 Comparison of Proposed Model with Top 3 Vulnerability Scanners; 7 Conclusion and Future Work; References.

The volume contains 75 papers presented at the International Conference on Communication and Networks (COMNET 2015), held during February 19-20, 2016 at the Ahmedabad Management Association (AMA), Ahmedabad, India, and organized by the Computer Society of India (CSI), Ahmedabad Chapter, Division IV, and the Association for Computing Machinery (ACM), Ahmedabad Chapter. The book aims to provide a forum for researchers to propose theory and technology on networks and services, share their experience in the IT and telecommunications industries, and discuss future management solutions for communication systems, networks and services. It comprises original contributions from researchers describing their original, unpublished research. The papers are mainly from 4 areas: Security, Management and Control, Protocol and Deployment, and Applications. The topics covered in the book are newly emerging algorithms, communication systems, network standards, services, and applications.

Springer Nature Singapore Pte Ltd. 2017
Nilesh Modi , Pramode Verma and Bhushan Trivedi (eds.) Proceedings of International Conference on Communication and Networks Advances in Intelligent Systems and Computing 10.1007/978-981-10-2750-5_1
A Novice Approach for Web Application Security
Jignesh Doshi (1) (Corresponding author)
Bhushan Trivedi
(1) LJ Institute of Management Studies, Ahmedabad, India
(2) GLS Institute of Computer Technology, Ahmedabad, India
Abstract
The number of websites hosted has increased exponentially in the past few years. More and more organizations are doing their business on the web, and as a result attacks on web applications have increased. It is found that about 60 % of web resources are vulnerable, so computer security is critical for web applications. Various types of solutions exist for mitigating security risks, and most of them require developer skills and effort. In this paper, the authors propose a model for remote database health check. The focus of the model is to provide a higher-level security assessment. A proof of concept has been implemented in Python. The proposed model has been tested on various test scenarios, and the authors have also compared the model with the top 3 vulnerability scanners. The results were found to be promising and satisfactory.
Keywords
Web application attacks; SQLI; Defensive coding; Hardening; Vulnerability scanner
Introduction
Computer security is the biggest challenge of the current era [].
The most common approaches used to manage web application attacks are defensive coding, hardening (filtering), static/dynamic code analysis and black box testing. Application-based solutions adversely affect cost and developer effort [].
The authors propose a security model to mitigate security risks. Our focus is to develop a model that can be used for a web application database health check and act as a utility, a model that requires neither developer skills nor source code.
The remainder of the paper is formed as follows: Sect..
Literature Survey
Injection attack has been one of the top three attacks since 2010 []. Both attacks use Structured Query Language for their execution.
The most common approaches used to manage SQLI attacks are defensive coding, hardening (filtering), static/dynamic code analysis, intrusion detection systems and black box testing [].
Web application communities have developed various approaches for the detection and prevention of SQLI [].
Table 1 Comparison of web application attack solution categories
Columns: Developer skill | Developer effort | Source code required | Web server required
Marks per row, as printed in the original:
Defensive coding: X X X
Static analysis: X X X
Static and dynamic analysis: X X X
Black-box/penetration testing: M X X X
IDS: X X X
Hardening: X X X
It is observed that most of the solutions require developer skills, developer effort and web server/code access (refer to Table 1).
Gap: A systematic, dynamic and effective solution is required to detect and prevent SQLI [].
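Two of the solution categories in Table 1, defensive coding and hardening (filtering), can be shown side by side with the string-built query they replace. The following is an added example and is not code from the paper or its prototype; the SQLite table, the user record and the tautology input are constructed for the illustration, and the login functions are hypothetical names.

```python
"""Defensive coding versus string-built SQL (added illustration, not the paper's code).

Builds an in-memory SQLite 'users' table with constructed sample data, then
compares a login query assembled by string concatenation with the same
query written with a parameterised placeholder, and with an allowlist
check on the username layered in front (a hardening-style filter).
"""
import re
import sqlite3

# Constructed sample data: one legitimate account.
SAMPLE_USERS = [("alice", "s3cret")]

# Hardening rule: usernames are letters, digits or underscore, 3-32 chars.
USERNAME_RE = re.compile(r"^[A-Za-z0-9_]{3,32}$")


def make_db() -> sqlite3.Connection:
    """Create and populate the sample database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def login_concatenated(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Vulnerable form: user input becomes part of the SQL text itself."""
    sql = ("SELECT COUNT(*) FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterised(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Defensive coding: placeholders keep the input out of the query grammar,
    so whatever the user typed is compared as data, never parsed as SQL."""
    sql = "SELECT COUNT(*) FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone()[0] > 0


def login_hardened(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Hardening layer: reject malformed usernames before touching the
    database, and still use the parameterised query underneath."""
    if not USERNAME_RE.fullmatch(name):
        return False
    return login_parameterised(conn, name, password)


if __name__ == "__main__":
    db = make_db()
    # A classic tautology input: the concatenated query accepts it because
    # the quote closes the string and '--' comments out the password check.
    bad_name = "' OR 1=1 --"
    for fn in (login_concatenated, login_parameterised, login_hardened):
        print(f"{fn.__name__:22s} alice/s3cret -> {fn(db, 'alice', 's3cret')}, "
              f"tautology -> {fn(db, bad_name, 'x')}")
```

The point the table makes is visible in the code: defensive coding and hardening both need access to the source and a developer to apply them, which is exactly the cost the paper's remote health check aims to avoid on the assessment side.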
Problem Statement
The authors have found that a model with the following functionalities is required.
(1) Any beginner can run the model, i.e. no or little technical knowledge is required to execute it [].
(2) The model works as remote penetration testing, i.e. access to the source code is not required [].
(3) Web server access is not required, i.e. the model can be executed from a remote PC without installing it on the server [].
(4) The model can work as a utility [].
Proposed Model: Model for Remote Database Health Check
In this research paper, the authors propose a novice approach for performing a remote database health check (web vulnerability checks).
4.1 Objectives of Model
The objective is to develop a model that can work as a utility with minimum technical skills, so that companies of any size can perform investigations, developers can develop highly secure web applications and organizations can mitigate web vulnerabilities.
4.2 Overview
A prototype model is developed using Python and focuses on the top 2 vulnerabilities (SQL injection and blind SQL injection attacks). The model diagram is shown in Fig. 1.
Fig. 1
Remote database health check model diagram
The following subsections describe each phase of the proposed model.
(i) Analyse web application. This step verifies the existence of the user-entered web application host name.
(ii) Information gathering. This step investigates, examines and analyzes the target website in order to gather information: system information (operating system name, version, etc.), database information (database name, version, table/column names, etc.) and links (number of static links, database links, mailing and other links).
(iii) Vulnerability assessment. In this step the model checks the vulnerability of the web application using the gathered data and a rule database (payloads) for SQLI and blind SQL injection attacks, one after the other. The task is divided into two sub-tasks: first, attacks are built from the payloads, i.e. injection strings are created; then, using the identified entry points, the attacks are executed. During the vulnerability check the model tests all types (attack vectors) of attacks. The model uses a payload database; various payloads are used for building and exploiting attacks, such as login, table and column names, attack payloads, rules and words. These payloads provide scalability for any new attacks that may be found in future.
The authors have prepared a prototype for implementing and testing this model.
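The rule database described in phase (iii) is a scalability mechanism: new attack patterns are added as data, not as code. The same idea serves the defender, who needs to recognise SQLI and blind SQLI attempts in web server logs. The following is an added example, not the paper's prototype: a small regex rule database applied to the decoded query string of each request in a constructed Apache-style access log; rule names, log lines and the IP addresses are all made up for the illustration.

```python
"""Rule-driven detection of SQL injection attempts in access logs.

Added example (not from the paper or its prototype). A rule database of
regular expressions is applied to the URL-decoded query string of every
request; adding a rule extends coverage without touching the matcher,
mirroring the payload-database idea on the detection side.
"""
import re
from urllib.parse import unquote_plus

# Constructed Apache combined-style access log lines (not real traffic).
SAMPLE_LOG = """\
10.0.0.5 - - [01/Mar/2016:10:01:02 +0530] "GET /news.php?id=7 HTTP/1.1" 200 5120
10.0.0.9 - - [01/Mar/2016:10:01:05 +0530] "GET /news.php?id=7%27%20OR%201%3D1-- HTTP/1.1" 200 9800
10.0.0.9 - - [01/Mar/2016:10:01:09 +0530] "GET /news.php?id=7%20UNION%20SELECT%20user%2Cpassword%20FROM%20users HTTP/1.1" 200 7300
10.0.0.9 - - [01/Mar/2016:10:01:20 +0530] "GET /news.php?id=7%20AND%20SLEEP(5) HTTP/1.1" 200 5120
10.0.0.12 - - [01/Mar/2016:10:02:00 +0530] "GET /search.php?q=o%27reilly HTTP/1.1" 200 2048
"""

# Rule database: name -> compiled pattern. The last rule targets the
# time-based technique used by blind SQLI, which leaves no data in the
# response and is otherwise easy to miss in logs.
RULES = {
    "tautology": re.compile(r"""(['"]|\b)\s*or\s+['"]?\d+['"]?\s*=\s*['"]?\d+""", re.I),
    "union-select": re.compile(r"\bunion\b.{0,40}\bselect\b", re.I | re.S),
    "comment-terminator": re.compile(r"(--|#|/\*)\s*$"),
    "time-based-blind": re.compile(r"\b(sleep|benchmark|pg_sleep|waitfor\s+delay)\s*\(", re.I),
}

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+)'
)


def parse_line(line: str):
    """Split one access-log line into fields; the query string is URL-decoded
    so that encoded payloads are matched in the form the application sees."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    path, _, query = rec["path"].partition("?")
    rec["path"] = path
    rec["query"] = unquote_plus(query)
    return rec


def match_rules(query: str) -> list:
    """Return the sorted names of all rules that fire on a decoded query."""
    return sorted(name for name, rx in RULES.items() if rx.search(query))


def scan_log(text: str) -> list:
    """Run every parseable line through the rule database; unparseable
    lines are skipped rather than aborting the scan."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        hits = match_rules(rec["query"])
        if hits:
            findings.append({"ip": rec["ip"], "ts": rec["ts"], "path": rec["path"],
                             "query": rec["query"], "rules": hits})
    return findings


def summarize_by_ip(findings: list) -> dict:
    """Count findings per source address, the first triage view an analyst wants."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    results = scan_log(SAMPLE_LOG)
    for f in results:
        print(f"{f['ip']:10s} {f['path']:12s} {f['rules']}  <- {f['query']}")
    print("per source:", summarize_by_ip(results))
```

The benign request containing an apostrophe (o'reilly) produces no finding, which is why the rules look for SQL structure around the quote rather than for the quote alone; a rule that fired on every apostrophe would drown the analyst in false positives.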
Testing
5.1 Testing Environment
Figure 2 shows the test environment created for testing the proposed model.
Fig. 2
Test environment
Two virtual machines named VICTIM and HACKER are created on the testing machine. The PHPEchoCMS web application is deployed on the VICTIM machine and the proposed model is installed on the HACKER machine, which is used for testing.
5.2 Test Scenarios
For proof of concept verification, three test scenarios were considered.
