dc.description.abstract |
Nowadays, many people use the internet for more than one purpose. For most of
these purposes they use web applications, which are one of the technologies for using
the internet. A web application is composed of a web server and a web browser, in other
words a server side and a client side. Web applications are typically developed under
time constraints, and application developers often make mistakes in the code that
can cause application vulnerabilities. When a vulnerability appears, irresponsible
people, the attackers, will exploit the web application through that
vulnerability to obtain privileges in the system. Because web applications are so
widely used, it is essential to discover vulnerabilities in order to prevent the
exploitation of web applications. Various well-known scanners are available for detecting
vulnerabilities. The system proposed in this thesis can find vulnerabilities almost as
well as these scanners. The proposed system can find two types of
vulnerability, Structured Query Language (SQL) injection and Cross-site scripting
(XSS), which are a huge risk for victim businesses and occur mostly in
web applications. In addition, the proposed system applies the naïve pattern matching
algorithm, even though several other string searching methods exist,
because those methods still involve complexity in constructing their preprocessing phase.
Moreover, the response message returned by the proposed system is short enough
to be matched with this pattern matching approach. Finally, the proposed system is
used with a well-known scanner, and the accuracy of its results is evaluated based
on its false negative and false positive rates. |
en_US |