Prevention of attack on Islamic websites by fixing SQL injection vulnerabilities using co-evolutionary search approach

Abstract

In recent times, there is an alarming increase in web application attacks, with significant cases, specifically, targeting Islamic websites. Since 2004, SQL Injection Vulnerabilities (SQLIVs) remains the most serious software security loopholes via which web applications are exploited. Fixing SQLIVs prior to deployment would provide very effective means of protection against such exploits. Ideally, SQLIVs fixing includes four main phases: SQLIVs detection, fix generation, fix application, and fix effectiveness verification. Most existing research works address different phases separately. There is no single research that addresses the four phases in a seamless integrated automation. This paper presents instances of attack on Islamic websites, and then propose framework for seamless integrated and automated SQLIVs fixing for web application, as part of an ongoing research work. The framework employs Evolutionary Programming to establish competitive co-evolution of web applications and test sets, in which fitness of evolved web applications is evaluated based on their ability to defend test attacks and pass legitimate input tests.