• S. A. Gadhiya
• K. H. Wandra

As the web and web application becomes increasingly complex, web applications become more sophisticated and dynamic with rapidly increasing speed of internet and computational power of computing devices. One of the most important challenges that web applications have become complex is in how they use input data. Web pages are no longer static, they contain dynamic content from sources that may be trusted, un trusted, or trusted but potentially buggy. There are many places that this type of data can come from user input, advertisements, or widgets, to name a few. These sources of data have led to a class of attacks know as content injection attacks. In these attacks, an attacker is able to place malicious content on a page and make it act as if it came from the developer. This can lead to cross-site scripting attacks, phishing, or malicious information. In order to counter these types of attacks, developers implement web application security technique that allowed and disallowed content on a web page. The security techniques have been implemented by use of sanitization functions, or content filters, that modify un trusted data to conform to a well-understood and safe set of behaviors. Many web applications available today make use of some way of session management to be able to couple state to a particular user. This state varies from the user’s preferences to user authentication and private information. Unfortunately, it is possible for an attacker to exploit session management in order to impersonate another user at a web application. In this thesis we describe attacks that enable an attacker to impersonate a victim, and the ways in which they can be prevented. Different attacks abusing session management are known: session hijacking, wherein the attacker captures a victim’s session identifier (or SID); session fixation, wherein the attacker imposes his own SID upon a victim’s web browser; and cross site request forgery, wherein the attacker uses a victim’s browser to issue requests as if they came from the victim. For all three attacks, different attack vectors exist, which allow an attacker to create complex attack scenarios which are difficult to prevent. In this paper we have discussed various tools available to detect Injection attack and various prevention measures for them.

Web Threats, Code Injection, Web Threats Detection, Web Threats Prevention.

"Web Threats Detection and Prevention for Vulnerabilities", International Journal of Emerging Technologies and Innovative Research (www.jetir.org), ISSN:2349-5162, Vol.5, Issue 7, page no.97-100, July-2018, Available :http://www.jetir.org/papers/JETIR1807364.pdf

"Web Threats Detection and Prevention for Vulnerabilities", International Journal of Emerging Technologies and Innovative Research (www.jetir.org | UGC and issn Approved), ISSN:2349-5162, Vol.5, Issue 7, page no. pp97-100, July-2018, Available at : http://www.jetir.org/papers/JETIR1807364.pdf