SQL Injection and Cross Site Scripting Prevention using OWASP ModSecurity Web Application Firewall

Robinson - Politeknik Caltex Riau, Pekanbaru, Indonesia
Memen Akbar - Politeknik Caltex Riau, Pekanbaru, Indonesia
Muhammad Fadhly Ridha - Politeknik Caltex Riau, Pekanbaru, Indonesia


DOI: http://dx.doi.org/10.30630/joiv.2.4.107

Abstract


Web applications and websites are widely used to provide functionality that allows companies to build and maintain relationships with their customers. The information stored by web applications is often confidential and, if obtained by malicious attackers, its exposure could result in substantial losses for both consumers and companies. SQL Injection and Cross Site Scripting are attacks that target web application database vulnerabilities. They can allow malicious attackers to manipulate the web server database, causing data loss, information theft, and inconsistent data. Therefore, this research proposes the Open Web Application Security Project (OWASP) ModSecurity Core Rule Set, which can help administrators secure their web servers. It operates by blocking IP addresses that try to break the security rules, monitoring network traffic, and preventing suspicious network requests from outside.
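As an added illustration of the deployment the abstract describes (this configuration is not from the paper), the following Apache snippet loads ModSecurity v2 with the OWASP CRS in blocking mode and adds local rules that deny repeat offenders by IP. File paths follow Debian/Ubuntu package defaults, the CRS variable names assume CRS 3.x, and the local rule IDs 1001-1003 are arbitrary values in the range reserved for local rules.

```apache
# Added example: ModSecurity v2 + OWASP CRS 3.x on Apache, blocking mode.
# Paths are assumed Debian/Ubuntu defaults; adjust to your installation.
<IfModule security2_module>
    SecRuleEngine On                  # "On" blocks; use "DetectionOnly" for a log-only trial
    SecRequestBodyAccess On           # inspect POST bodies, where SQLi/XSS payloads often travel
    SecAuditEngine RelevantOnly       # audit-log only transactions that triggered a rule
    SecAuditLog /var/log/apache2/modsec_audit.log
    SecDataDir /var/cache/modsecurity # persistent storage for the per-IP collection below
    SecDefaultAction "phase:2,log,auditlog,pass"   # CRS rules add to a score; rule 949110 decides

    # CRS setup (thresholds, paranoia level) followed by the rule files.
    IncludeOptional /etc/modsecurity/crs/crs-setup.conf
    IncludeOptional /usr/share/modsecurity-crs/rules/*.conf

    # --- Local rules (IDs 1001-1003 are assumed, chosen from the local-use range) ---

    # Open a collection keyed by client IP so counters survive across requests.
    SecAction "id:1001,phase:1,nolog,pass,initcol:ip=%{REMOTE_ADDR}"

    # Deny a client that has tripped the CRS anomaly threshold three or more times
    # within the expiry window set in rule 1003.
    SecRule IP:BLOCK_COUNT "@ge 3" \
        "id:1002,phase:1,deny,status:403,log,msg:'Repeat offender blocked by IP'"

    # In the logging phase, count every request whose inbound anomaly score reached
    # the CRS threshold; the counter expires 600 seconds after its last increment.
    SecRule TX:ANOMALY_SCORE "@ge %{tx.inbound_anomaly_score_threshold}" \
        "id:1003,phase:5,nolog,pass,setvar:ip.block_count=+1,expirevar:ip.block_count=600"
</IfModule>
```

The inbound threshold referenced by rule 1003 is the value set in crs-setup.conf by CRS rule 900110 (default 5), so a single request carrying a typical SQLi or XSS payload is blocked by the CRS itself, while the local rules add the IP-level block the abstract describes.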


