Computer Engineering and Intelligent Systems

Security vulnerabilities in web applications that are being found today are much higher than in any operating systems. So it clearly means that threats intended at web applications are utilizing vulnerabilities at the application. Simultaneously, amount and impact of security vulnerabilities on web applications has increases as well. Almost in all online transactions user access is authorized before providing access to database of application. But organized injection could provide entry to unauthorized users and it almost achieved via SQL injection and Cross-site scripting (XSS). In this article we provide a web vulnerability scanning and analyzing tool of various kinds of SQL injection and Cross Site Scripting (XSS) attacks named as SQLSCAN. Our proposed method will work with web application developed on any technology like PHP, JAVA, ASP .NET. We evaluate our proposed scanner by experiments to calculate its performance. We also evaluate the performance of SQLSCAN with performance of parallel tools in the literature.

Keywords: Web Application security, Attack, Injection, SQL, XSS, Vulnerability, Scanner.