Volume : V, Issue : XII, December - 2016

Automated Testing for Vulnerabilities reduction in Preventing Structured Query Language Injection, Cross Site Scripting and Request Forgery Attacks in Web Application

I. Shahanaz Begum, G. Geetharamani

Abstract :

Current E-Commerce applications are vulnerable to many Web-based attacks. Many vulnerabilities exist in Web applications that allow SQL Injection, XSS and CSRF attacks. The form fields of the Website are prone to such vulnerabilities. Testing the form fields is an involved process, and hence this work attempts to propose an automated process for the testing by generating testcases. TestNG in the Selenium Testing Tool generated testcases to provide validations for the form fields of the Forum Website, and they are executed in parallel, making use of the Multithreading support provided by this tool, to prevent the mounting of the related attacks. The execution time for these testcases is compared with that of the testcases not including Multithreading support, and the results are found to be very encouraging. The validations may be provided at the Client side, Web and DB Server side. Session tracking techniques are also provided to prevent some of the attacks. The results are validated with the help of the Sugeno Fuzzy Inference System. The experiments are carried out on the Web pages of a Forum Website and include the detection of the vulnerabilities injected into the Web application with the help of a Web Application Vulnerability Scanner.

DOI : 10.36106/ijsr

Cite This Article:

I. Shahanaz Begum, G. Geetharamani, Automated Testing for Vulnerabilities reduction in Preventing Structured Query Language Injection, Cross Site Scripting and Request Forgery Attacks in Web Application, International Journal of Scientific Research, Volume : 5 | Issue : 12 | December 2016

