Detecting vulnerabilities in website using multiscale approaches: based on case study

Mudassor Ahmed Chowdhury, Mushfiqur Rahman, Sifatnur Rahman

Abstract


In the realm of modern web applications, security is of the utmost priority. To address this critical concern, we've developed a versatile Python script with the primary goal of proactively identifying vulnerabilities and thwarting transient attacks. Leveraging various libraries, this tool comprehensively covers a broad spectrum of threats, including SQL injection (SQLi), cross-site scripting (XSS), cross-site request forgery (CSRF), sensitive data leakage, security misconfiguration, distributed denial-of-service (DDoS) vulnerabilities, and secure sockets layer (SSL) or transport layer security (TLS) issues. This Python-based solution prioritizes adaptability, ensuring seamless integration of future updates to effectively combat evolving threats. Utilizing innovative methods such as SQLi and XSS payload injection, the script assesses the susceptibility of input fields. To address CSRF vulnerabilities, the script generates and validates tokens, fortifying defenses against unauthorized actions. Employing pattern analysis, it combats sensitive data exposure and security misconfigurations, adeptly identifying elements like credit card numbers, passwords, and headers. Furthermore, the script enhances overall security by scrutinizing SSL/TLS protocols and monitoring port accessibility. It reinforces DDoS detection by actively monitoring traffic patterns, identifying anomalies, and proactively averting disruptions.
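The pattern analysis for sensitive data exposure and security misconfiguration mentioned in the abstract can be illustrated as follows. This is an added example, not the authors' script: the regexes, the Luhn filter, the header baseline and the sample response are assumptions constructed here.

```python
import re

# Assumed baseline of response headers a hardened site should send (not the paper's list).
EXPECTED_HEADERS = (
    "Strict-Transport-Security",
    "Content-Security-Policy",
    "X-Content-Type-Options",
    "X-Frame-Options",
)
# 13-19 digits, optionally grouped with spaces or dashes.
CARD_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")
# key=value or "key": "value" pairs whose key looks like a credential.
SECRET_RE = re.compile(
    r"""(?i)["']?(password|passwd|pwd|secret|api[_-]?key)["']?\s*[:=]\s*["']?([^\s"'&<>,]{4,})"""
)

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: filters out order ids and other long numbers that are not cards."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def find_sensitive(body: str) -> list[tuple[str, str]]:
    """Return (kind, redacted detail) findings; raw secrets are never echoed back."""
    findings = []
    for m in CARD_RE.finditer(body):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            findings.append(("card_number", "*" * (len(digits) - 4) + digits[-4:]))
    for m in SECRET_RE.finditer(body):
        findings.append(("credential", m.group(1).lower()))  # report the key name only
    return findings

def missing_security_headers(headers: dict[str, str]) -> list[str]:
    """Header names are case-insensitive, so compare in lower case."""
    present = {name.lower() for name in headers}
    return [h for h in EXPECTED_HEADERS if h.lower() not in present]

# Constructed sample response: one non-card number, one test card number, one leaked credential.
SAMPLE_HEADERS = {"Content-Type": "text/html", "x-frame-options": "DENY", "Server": "nginx"}
SAMPLE_BODY = (
    "<p>Order 1234567812345678 paid with 4111 1111 1111 1111</p>\n"
    '<script>var cfg = {"password": "hunter2-demo"};</script>'
)
```

The Luhn filter is what keeps the 16-digit order number in the sample from being reported as a card, which is the main source of false positives in regex-only scanners.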

Keywords


Comprehensive protection; Distributed denial-of-service; Multiscale approaches; Python-based scanner; Security misconfiguration; Structured query language injection; Web security

DOI: http://doi.org/10.11591/ijece.v14i3.pp2814-2821

This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.

International Journal of Electrical and Computer Engineering (IJECE)
p-ISSN 2088-8708, e-ISSN 2722-2578

This journal is published by the Institute of Advanced Engineering and Science (IAES) in collaboration with Intelektual Pustaka Media Utama (IPMU).