DEFENSE APPROACH AGAINST REMOTE FILE INCLUSION ATTACK IN WEB BASED APPLICATIONS USING SECURE CODING

Bi-Annual Double Blind Peer Reviewed Refereed Journal

Open Access Journal

Abstract: 

In this era we are totally dependent on web applications, and because of their wide-ranging uses they are under continuous attack by hackers who execute malicious code and steal data by manipulating an enterprise's web server. Remote and local file inclusion (RFI/LFI) attacks are a favorite choice for hackers, yet many security professionals overlook them; they exploit vulnerabilities in web applications that dynamically reference external scripts. An important factor in these attacks is vulnerable source code, often written unsafely in languages like PHP. Code analysis tools are one way to find vulnerabilities, but they tend to generate false positives and require considerable effort from programmers to fix the code manually. To defend against this type of attack, we have implemented a mechanism that defends against and prevents file injection by incorporating secure coding techniques, eliminating file injection vulnerabilities to some extent. The proposed approach is a defence against such attacks based on secure coding practices, which comprise Secure by Design, Defence in Depth, Least Privilege, Positive Security, Fail Securely, Avoid Security by Obscurity, and Complete Remediation.
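As an added illustration that is not code from the paper, the following PHP sketch shows how Positive Security, Fail Securely and Defence in Depth can apply to a dynamic include. The page names, the `resolve_page` helper and the sample inputs are assumptions constructed for this example.

```php
<?php
declare(strict_types=1);
// Requires PHP 8+. Least privilege: also keep allow_url_include=Off in php.ini.

// Vulnerable pattern (commented out, for contrast): the request parameter
// flows straight into include, so the caller chooses what gets loaded.
// include $_GET['page'] . '.php';

// Positive security: the only pages that can ever be loaded, keyed by their
// public name. File names are fixed server-side (constructed sample values).
const PAGES = [
    'home'    => 'home.php',
    'about'   => 'about.php',
    'contact' => 'contact.php',
];

/**
 * Resolve a user-supplied page name to a file inside $baseDir.
 * Returns null for anything not on the allowlist (fail securely).
 */
function resolve_page(mixed $requested, string $baseDir): ?string
{
    // Reject arrays and other non-string input such as ?page[]=x.
    if (!is_string($requested) || !array_key_exists($requested, PAGES)) {
        return null;
    }
    // Defence in depth: the resolved path must be a real file under $baseDir.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . PAGES[$requested]);
    if ($base === false || $path === false
        || !str_starts_with($path, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $path;
}

// Self-contained demo: build a throwaway page directory in the temp folder.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pages_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (PAGES as $file) {
    file_put_contents($dir . DIRECTORY_SEPARATOR . $file, "<?php return 'ok';");
}

// Constructed inputs: one valid name, then values the allowlist must refuse.
$samples = ['home', 'http://example.invalid/x.txt', '../../etc/passwd', ['home'], 'HOME'];
foreach ($samples as $input) {
    $path  = resolve_page($input, $dir);
    $label = $path === null ? 'rejected (respond 404)' : 'include ' . basename($path);
    printf("%-34s => %s\n", json_encode($input, JSON_UNESCAPED_SLASHES), $label);
}
```

In a real handler the caller would `require` the returned path and send a generic 404 when the result is null, without echoing the rejected value back to the client.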

Category: 
Vol9_Issue2
Authors: 
Tushavara Oakesh, Student M.Tech, Raksha Shakti University, Ahmedabad, Gujarat, India
Dr. Priyanka Sharma, Professor, Raksha Shakti University, Ahmedabad, Gujarat, India