
Analysis of Field Data on Web Security Vulnerabilities

Most web applications have critical bugs (faults) affecting their security, which makes them vulnerable to attacks by hackers and organized crime. To prevent these security problems from occurring it is of utmost importance to understand the typical software faults. This paper contributes to this body of knowledge by presenting a field study on two of the most widely spread and critical web application vulnerabilities: SQL Injection and XSS. It analyzes the source code of security patches of widely used web applications written in weak and strong typed languages. Results show that only a small subset of software fault types, affecting a restricted collection of statements, is related to security.


Presentation Transcript


  1. Automated Crawler towards Vulnerability Scan Report Generator IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 11, NO. 2, MARCH/APRIL 2014 Analysis of Field Data on Web Security Vulnerabilities

  2. A Software/Manufacturing Research Company Run By Microsoft Most Valuable Professional
     • VenkatesanPrabu .J, MANAGING DIRECTOR: Microsoft Web Developer Advisory Council team member and a well-known Microsoft Most Valuable Professional (MVP) for the years 2008, 2009, 2010, 2011, 2012, 2013, 2014.
     • LakshmiNarayanan.J, GENERAL MANAGER: BlackBerry Server Admin. Oracle 10g SQL Expert.
     • Arunachalam.J: Electronic Architect, Human Resource Manager

  3. Abstract
     • Most web applications have critical bugs (faults) affecting their security, which makes them vulnerable to attacks by hackers and organized crime. To prevent these security problems from occurring it is of utmost importance to understand the typical software faults.
     • This paper contributes to this body of knowledge by presenting a field study on two of the most widely spread and critical web application vulnerabilities: SQL Injection and XSS. It analyzes the source code of security patches of widely used web applications written in weak and strong typed languages. Results show that only a small subset of software fault types, affecting a restricted collection of statements, is related to security.
     • To understand how these vulnerabilities are really exploited by hackers, this paper also presents an analysis of the source code of the scripts used to attack them. The outcomes of this study can be used to train software developers and code inspectors in the detection of such faults and are also the foundation for the research of realistic.

  4. Existing System
     • In the existing system, the possible attacks on the system are validated, and information about the attacks is retained for future development.
     • A crawler application is created to crawl all web pages of an application. Each link in the application is considered for automatic invocation of a new web page load.
     • Banner grabbing is one of the features checked in the existing system; it grabs information about the application, such as the type of database and the version of the database.

  5. Proposed System
     • Automatic crawling of any web application and fetching the possible hyperlinks from its web pages is the first step.
     • A dynamic URL is then constructed from the collected hyperlinks. The web pages are loaded using the constructed URL and checked for vulnerability.
     • In our project, we analyze the possible attacks on the system, such as:
       • Query String Attack
       • Union Attack
       • Banner Grabbing
       • Cross-Site Scripting

  6. System Requirements
     • Hardware Requirements:
       • System: Pentium IV 2.4 GHz
       • Hard Disk: 80 GB
       • Floppy Drive: 1.44 Mb
       • Monitor: 15 VGA Colour
       • Mouse: Logitech
       • RAM: 1 GB or above
     • Software Requirements:
       • Operating system: Windows 7
       • Front End: Dot net 4.0 (VS2010)
       • Backend: SQLServer2008 R2

  7. Architecture Diagram

  8. Records Breaks Asia Book Of Records Tamil Nadu Of Records India Of Records MVP Awards World Record

  9. Services: A Software/Manufacturing Research Company Run By Microsoft Most Valuable Professional
     • Inplant Training
     • Internship
     • Workshops
     • Final Year Projects
     • Industrial Visit
     Contact Us: +91 98406 78906, +91 90037 18877, kaashiv.info@gmail.com, www.kaashivinfotech.com. Shivanantha Building (Second building to Ayyappan Temple), X41, 5th Floor, 2nd avenue, Anna Nagar, Chennai-40.
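
The first step of the proposed system on slide 5 (fetching hyperlinks and deriving the URLs whose inputs need checking) is shown here as an added Python example; it is not code from the slides or the paper. The HTML sample, the host names and the names `LinkCollector` and `input_inventory` are assumptions constructed for illustration. The output is an inventory of in-scope pages and their query parameters, which is the list of inputs a code inspector would review for missing validation.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit, parse_qsl, urldefrag

# Constructed sample page; hosts and paths are placeholders, not from the slides.
SAMPLE_HTML = """
<a href="/products.aspx?id=7&cat=books">Books</a>
<a href="search.aspx?q=tea#top">Search</a>
<a href="/products.aspx?id=9&cat=music">Music</a>
<a href="https://cdn.example.net/lib.js?v=3">CDN</a>
<a href="mailto:admin@app.example">Mail</a>
<a href="/about.aspx">About</a>
"""

class LinkCollector(HTMLParser):
    """Collects the raw href value of every <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def input_inventory(base_url, html):
    """Map each in-scope page path to the set of query parameters seen on it."""
    collector = LinkCollector()
    collector.feed(html)
    base = urlsplit(base_url)
    inventory = {}
    for href in collector.hrefs:
        # Resolve relative links and drop the fragment, which never reaches the server.
        absolute, _fragment = urldefrag(urljoin(base_url, href))
        parts = urlsplit(absolute)
        # Scope control: same scheme and host only, so the crawl never
        # leaves the application that is being assessed.
        if (parts.scheme, parts.netloc) != (base.scheme, base.netloc):
            continue
        names = {name for name, _ in parse_qsl(parts.query, keep_blank_values=True)}
        inventory.setdefault(parts.path, set()).update(names)
    return inventory

if __name__ == "__main__":
    result = input_inventory("https://app.example/shop/", SAMPLE_HTML)
    for path, params in sorted(result.items()):
        print(path, sorted(params))
```

Pages that appear with an empty parameter set take no query-string input; the others are the ones to check for parameterised queries and output encoding.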
