Browsing by Author "Supervisor: SAOUDI, LALIA"
Item Open Access
Design and Development of Anti-XSS Proxy (University of M'sila, 2016-06-10)
GHERBI, ADEL AMINE; Supervisor: SAOUDI, LALIA
Cross-Site Scripting (XSS) is a common security problem of web applications where an attacker can inject scripting code into the input of the application that is then sent to a user's web browser. In the web browser, this scripting code is executed and used to transfer sensitive data to a third party. Today's solutions attempt to prevent XSS on the server side and client side, for example, by inspecting and modifying the data sent to and from the web application. Our solution aims to detect XSS attacks on the proxy side by analyzing both the client request and the server response and hashing each script found on the response page to compare this hash with the benign one. If the system detects any deviation, the script will be blocked, and the XSS type detector will be used to eliminate any stored XSS from the database. In this way our system protects both the server and client side. As a result, the additional protection layer when surfing websites.

Item Open Access
An information theoretic approach to detect SQLI Intrusion (University of M'sila, 2015-06-10)
BOUKAROUI, HADJER; Supervisor: SAOUDI, LALIA; Supervisor: Fernini, Belabdelouahab
SQL Injection (SQLI) is a widespread vulnerability commonly found in web-based programs. Exploitation of SQL injection vulnerabilities leads to harmful consequences such as authentication bypass and leakage of sensitive personal information. Therefore, SQLI needs to be mitigated to protect end users. In this work, we present an approach to detect SQLI attacks based on information theory. We compute the entropy of each query present in a program accessed before program deployment. During program execution, when an SQL query is invoked, we compute the entropy again to identify any change in the entropy measure for that query. The approach then relies on the assumption that dynamic queries with attack inputs result in an increased or decreased level of entropy. In contrast, a dynamic query with benign inputs does not result in any change of entropy value.