Effective Web Application Vulnerability Testing System Using Proposed XSS_SQL_Scanning_Algorithm

Abstract

Nowadays, many people use the internet for more than one purposes. Among these purposes, they mostly apply the web application which is one of the internet usage technologies. A web application is composed of a web server and web browser in other terms client-side and server-side. Web applications are typically developed with a limitation of time and usually, application developers make mistakes in the code which can cause application vulnerabilities. If the vulnerability appears, some of the irresponsible people who are attackers will exploit web applications through a vulnerability to obtain some privileges in the system. Due to the widespread use of web applications, it is essential to discover vulnerabilities to avoid the exploitation of web applications. Various well-known scanners are available for detecting vulnerabilities. In this paper, our proposed algorithm can also find out vulnerability as these scanners. The proposed algorithm presented in this paper can find the two types of vulnerability, Structured Query Language (SQL) injection and Cross-site Scripting (XSS) attacks that are a huge risk for victim businesses and they are mostly occur in the web application. Besides, our proposed algorithm applies the Naïve pattern matching algorithm even though other several methods completed in the string searching process, because they are still having complexities in constructing the preprocessing phase. Moreover, the response message returned by the proposed algorithm is too short enough to match by this pattern matching algorithm approach. The proposed system does not take too much system memory so that it saves the memory consumption. Finally, we test our proposed system using the well-known scanner and evaluate how accurate the results based on having false negative and false positive rate.