Title :
Preventing input type validation vulnerabilities using network based intrusion detection systems
Author :
Sunkari, Venkatramulu ; Guru Rao, C.V.
Author_Institution :
CSE, Kakatiya Inst. of Technol. & Sci., Warangal, India
Abstract :
Web applications have become the most common medium on the Internet and are easily accessible through browser software. Because of their popularity and ease of use, they have attracted the interest of attackers, who mostly use browsers as their attack tool. Web applications are prone to all the major vulnerabilities found in ordinary software; among these, SQL injection and XSS are the most popular and most frequently occurring attacks. Existing research has largely concentrated on code verification with syntax analyzers deployed at the server. These techniques add overhead to web application performance because they verify online the SQL statements that the application prepares dynamically, and they are deployed together with the web application at the server. Unfortunately, they are also bound to a programming language. Combined approaches such as IPAAS use syntax analyzers together with HTTP parameter type verification; although this technique avoids code modification at the client/server, it is still bound to a programming language. We propose a novel technique of stateless, automated HTTP parameter pollution verification at the network level. It is independent of the web application's programming language and can be applied directly to any web application. It does not depend on syntax analyzers; it is an anomaly intrusion detection system capable of detecting both published (known) and unpublished (unknown) vulnerabilities, and it reduces the sanity checks needed in the web application. The system was evaluated on seven real-time web applications that permit SQL/XSS, using 2783 attack patterns from exploit-db on all possible parameters. It successfully prevented 92.96% of SQL injection attacks and 79.86% of XSS attacks without impacting server operations.
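The abstract describes the approach only at a high level. The following is an added illustration, not the paper's code or algorithm, of what stateless, network-level HTTP parameter type verification with a training phase can look like: a profile of the widest value type seen per (path, parameter) in benign traffic, then checks for values of a wider type than learned and for repeated (polluted) parameters. The type classes, the `CLASSES` hierarchy and the sample requests are assumptions of this example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# Assumed type classes, narrowest first; a parameter learned as a narrow
# class must not suddenly carry a value that only fits a wider class.
CLASSES = ["int", "alpha", "alnum", "text"]
PATTERNS = {
    "int": re.compile(r"^-?\d+$"),
    "alpha": re.compile(r"^[A-Za-z]+$"),
    "alnum": re.compile(r"^[A-Za-z0-9_.@-]+$"),
}

def classify(value):
    """Map a decoded parameter value to the narrowest class it matches."""
    for name in CLASSES[:-1]:
        if PATTERNS[name].match(value):
            return name
    return "text"

def split_request(url):
    """Return (path, [(name, value), ...]); duplicates are kept on purpose."""
    parts = urlsplit(url)
    return parts.path, parse_qsl(parts.query, keep_blank_values=True)

def train(urls):
    """Learn, per (path, parameter), the widest class seen in benign traffic."""
    profile = {}
    for url in urls:
        path, params = split_request(url)
        for name, value in params:
            key, seen = (path, name), classify(value)
            if key not in profile or CLASSES.index(seen) > CLASSES.index(profile[key]):
                profile[key] = seen
    return profile

def check(profile, url):
    """Return alerts for one request; an empty list means it fits the profile."""
    path, params = split_request(url)
    names = [n for n, _ in params]
    alerts = [f"parameter pollution: {n} repeated" for n in sorted(set(names)) if names.count(n) > 1]
    for name, value in params:
        learned = profile.get((path, name))
        if learned is None:
            alerts.append(f"unknown parameter: {name}")
        elif CLASSES.index(classify(value)) > CLASSES.index(learned):
            alerts.append(f"type anomaly: {name} learned {learned}, got {classify(value)}")
    return alerts

TRAINING = [  # constructed benign requests standing in for the training set
    "/login?user=alice&id=42",
    "/login?user=bob_7&id=7",
    "/search?q=red%20shoes&page=2",
]
PROFILE = train(TRAINING)
```

A parameter learned as free text (here `q`) accepts any value, so injected markup in such fields is not caught by the type check alone; that gap is inherent to type-based verification rather than to this sample.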
Keywords :
Internet; SQL; computer crime; hypermedia; program verification; HTTP parameter type verification; HTTP stateless; IPAAS; Internet; SQL injection attacks; SQL statements; Web application attackers; Web application programming language; Web application vulnerabilities; Web applications performance; XSS; anomaly intrusion detection system; attack patterns; attacking tool; automated parameter pollution verification; browser software; client/server; code modification; code verification; input type validation vulnerabilities prevention; network based intrusion detection systems; network level; online verification; sanity checks; server operations; software vulnerabilities; syntax analyzers; unpublished vulnerabilities; Intrusion detection; Protocols; Servers; Software; Syntactics; Training; IPAAS; SQL injection Attack; Web application; XSS Attack;
Conference_Titel :
Contemporary Computing and Informatics (IC3I), 2014 International Conference on
Conference_Location :
Mysore
DOI :
10.1109/IC3I.2014.7019679