Title: | Web application vulnerabilities detection and reduction |
Authors: | MOHAMED EL AKHDAR BENZEKRI, Author; Djemaa Boukhlouf, Thesis supervisor |
Document type: | Printed monograph |
Publisher: | Biskra [Algeria]: Faculté des Sciences Exactes et des Sciences de la Nature et de la Vie, Université Mohamed Khider, 2022 |
Format: | 1 vol. (84 p.) / colour illustrated cover / 30 cm |
Languages: | English |
Keywords: | SQL injection, XSS injection, machine learning, convolutional neural network, data processing, training, testing, model ... |
Abstract: |
With the emergence of web applications and the widespread use of their services in business transactions and data exchange, attackers have been able to exploit weaknesses in web applications and carry out a variety of attacks, such as cross-site scripting (XSS injection), SQL code injection, defacement and session hijacking, and to harm users. In this study we focus on two types of injection attack (XSS and SQL). Existing means of detecting and preventing vulnerabilities and protecting applications from attackers, such as IDS, IPS, firewalls and VPNs, only reduce the risk and do not solve the problem. In this work we propose protection methods based on machine learning, deep learning and neural networks, building a single model, together with logistic regression, to analyze the SQL and XSS commands and data that are logged as input to a web application. Specifically, we propose a convolutional neural network and logistic regression to analyze these inputs, using a dataset imported from the Internet and extended with manually added data, and we propose a model that covers both normal and unusual transactions. |
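As an added illustration of the classification step the abstract describes (example code written for this catalog entry, not the thesis's CNN, its Django application or its dataset): a bag-of-tokens logistic regression, one of the two classifiers the abstract names, trained by plain gradient descent on a constructed set of benign form values and SQLi/XSS payloads, then used to gate a form field before it reaches the application. The tokenizer, the toy training data, the `InjectionClassifier` class and the `guard_form_field` gate are all assumptions made for the illustration.

```python
import math
import re

# Constructed toy training set (not the thesis's dataset).  Label 1 = injection
# payload (SQLi or XSS), label 0 = benign value a user might type into a form.
TRAINING_DATA = [
    ("alice", 0),
    ("bob smith", 0),
    ("john.doe@example.com", 0),
    ("hello world", 0),
    ("order 12345", 0),
    ("search term", 0),
    ("' OR '1'='1", 1),
    ("1' UNION SELECT username, password FROM users --", 1),
    ("admin'--", 1),
    ("' OR 1=1#", 1),
    ("<script>alert(1)</script>", 1),
    ("<img src=x onerror=alert(1)>", 1),
]

# A token is a run of letters/digits, the SQL comment marker "--", or a single
# other punctuation character.  Keeping punctuation as tokens matters: quotes,
# angle brackets and "=" carry most of the signal in injection payloads.
TOKEN_RE = re.compile(r"[a-z0-9]+|--|[^\sa-z0-9]")


def tokenize(text):
    return TOKEN_RE.findall(text.lower())


def sigmoid(z):
    z = max(-500.0, min(500.0, z))  # clamp so math.exp cannot overflow
    return 1.0 / (1.0 + math.exp(-z))


class InjectionClassifier:
    """Binary bag-of-tokens logistic regression, full-batch gradient descent."""

    def __init__(self):
        self.vocab = {}
        self.weights = []
        self.bias = 0.0

    def _indices(self, text):
        # Binary presence features; tokens unseen at training time are ignored.
        return {self.vocab[t] for t in tokenize(text) if t in self.vocab}

    def fit(self, data, epochs=300, lr=0.5):
        for text, _ in data:
            for tok in tokenize(text):
                self.vocab.setdefault(tok, len(self.vocab))
        self.weights = [0.0] * len(self.vocab)
        self.bias = 0.0
        rows = [(self._indices(text), label) for text, label in data]
        n = len(rows)
        for _ in range(epochs):
            grad_w = [0.0] * len(self.weights)
            grad_b = 0.0
            for idxs, label in rows:
                err = self._proba_from_indices(idxs) - label  # dL/dz for log loss
                for i in idxs:
                    grad_w[i] += err
                grad_b += err
            for i in range(len(self.weights)):
                self.weights[i] -= lr * grad_w[i] / n
            self.bias -= lr * grad_b / n
        return self

    def _proba_from_indices(self, idxs):
        return sigmoid(self.bias + sum(self.weights[i] for i in idxs))

    def predict_proba(self, text):
        """Probability that `text` is an injection payload."""
        return self._proba_from_indices(self._indices(text))

    def is_injection(self, text, threshold=0.5):
        return self.predict_proba(text) >= threshold

    def accuracy(self, data):
        hits = sum(self.is_injection(t) == bool(y) for t, y in data)
        return hits / len(data)


def build_classifier():
    return InjectionClassifier().fit(TRAINING_DATA)


def guard_form_field(model, value):
    """Hypothetical gate a registration or login handler could apply: return
    None (reject) when the model flags the value, otherwise pass it through."""
    if model.is_injection(value):
        return None
    return value


if __name__ == "__main__":
    model = build_classifier()
    print("training accuracy:", model.accuracy(TRAINING_DATA))
    for probe in ["hello alice", "admin' OR 1=1 --", "<body onload=alert('xss')>"]:
        print(f"{probe!r}: p={model.predict_proba(probe):.3f} "
              f"blocked={model.is_injection(probe)}")
```

The held-out probes are not in the training set: the two payloads are caught because they reuse tokens (`'`, `or`, `=`, `alert`, `<`) that only ever appeared in attack samples, while `hello alice` only carries tokens seen in benign samples. That dependence on token overlap is exactly why the abstract stresses the size and coverage of the dataset: a payload whose tokens were never seen in training scores near the bias alone and can slip through.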
Table of contents: |
General introduction 1
1 Web application security 3
  1.1 Introduction 3
  1.2 Web application 3
    1.2.1 Definition 3
  1.3 Web application architecture 3
    1.3.1 Web application architecture components 4
  1.4 Web application terminology 5
  1.5 Why is a web application not secure? 8
    1.5.1 What is a vulnerability? 8
    1.5.2 Vulnerabilities classification 8
    1.5.3 Types of vulnerabilities 8
  1.6 Web attacks 10
    1.6.1 Definition 10
    1.6.2 Malware 11
    1.6.3 Phishing 11
    1.6.4 Man-in-the-middle attack 11
    1.6.5 DoS/DDoS 11
    1.6.6 SQL injection 11
    1.6.7 Zero-day exploit 11
    1.6.8 Cross-site scripting 11
    1.6.9 Business email compromise 11
  1.7 Security mechanisms and approaches for securing web applications 12
    1.7.1 Security mechanisms 12
    1.7.2 Security approaches 13
  1.8 Conclusion 14
2 Vulnerabilities detection methods 15
  2.1 Introduction 15
  2.2 The Open Web Application Security Project (OWASP) 15
  2.3 Top 10 vulnerabilities 16
    2.3.1 Broken access control 16
    2.3.2 Cryptographic failures 17
    2.3.3 Injection 18
    2.3.4 Insecure design 18
    2.3.5 Security misconfiguration 19
    2.3.6 Vulnerable and outdated components 20
    2.3.7 Identification and authentication failures 20
    2.3.8 Software and data integrity failures (XSS and insecure deserialization) 21
    2.3.9 Security logging and monitoring failures 22
    2.3.10 Server-side request forgery (SSRF) 22
  2.4 National Vulnerability Database (NVD) 23
    2.4.1 A brief history of the NVD 24
    2.4.2 CVEs and the NVD process 24
  2.5 Vulnerability detection using machine learning 26
    2.5.1 Machine learning tasks 26
    2.5.2 Machine learning algorithms 29
    2.5.3 Types of machine learning algorithms 29
  2.6 Vulnerability detection using deep learning 30
    2.6.1 How deep learning works 30
    2.6.2 Difference between machine learning and deep learning 31
    2.6.3 How to create and train deep learning models 32
    2.6.4 Deep neural network 32
  2.7 Vulnerability detection using Natural Language Processing (NLP) technology 33
    2.7.1 Natural language processing 33
    2.7.2 How does natural language processing work 34
    2.7.3 Deep learning in natural language processing 34
  2.8 Related work 37
    2.8.1 Vulnerability prediction based on metrics 37
    2.8.2 Anomaly detection approaches for finding vulnerabilities 38
    2.8.3 Vulnerable code pattern analysis and similarity analysis 39
  2.9 Conclusion 40
3 Conception 41
  3.1 Introduction 41
  3.2 System presentation 41
    3.2.1 System objectives 41
    3.2.2 Flow chart of the global system architecture 41
  3.3 Detailed system design 42
    3.3.1 Flow chart of creating the CNN model 42
    3.3.2 Data collection 43
    3.3.3 Data preparation 44
    3.3.4 Classification and training 45
  3.4 Model testing 46
    3.4.1 Using the model 46
  3.5 Design in UML 47
    3.5.1 Sequence diagram for "Registration" 47
    3.5.2 Sequence diagram for "Authentication" 48
  3.6 Conclusion 49
4 Implementation 50
  4.1 Introduction 50
  4.2 Development environment 50
    4.2.1 Python 50
    4.2.2 Environment using Google Colab for creating the model 51
    4.2.3 XAMPP 51
    4.2.4 Django 52
  4.3 The used tools 53
    4.3.1 TensorFlow 53
    4.3.2 Keras 54
  4.4 Structures of data 54
    4.4.1 Part of the used dataset 54
    4.4.2 Pre-processing data 55
    4.4.3 Training 56
    4.4.4 Evaluation 57
    4.4.5 Experiments and obtained results 58
    4.4.6 Testing 60
  4.5 Presentation system 61
    4.5.1 Database 61
    4.5.2 Interface Already Registered "Login" 61
    4.5.3 First Time Registration Interface "New User" 62
    4.5.4 First Time Registration Interface "New User" 63
    4.5.5 Application after prevention 64
  4.6 Conclusion 66
General conclusion 67 |
Availability (1)
| Call number | Medium | Location | Status |
|---|---|---|---|
| MINF/701 | Master's thesis | Exact Sciences library | Available for consultation |