S-RealSpec: A Security Extension to Detect SQLI attack and Sensitive Data Exposure
Abstract
As security flaws can result in considerable financial losses in rework and a bad reputation due to subpar web apps, there is a growing area of the security of web applications. Online application security is becoming more and more of a concern since security holes can cost a lot of money in rework and damage the reputation of a business because of poor online applications. Poor modelling and design processes that neglect to model and create essential logging requirements and data validation security features and apply them haphazardly during development are the root cause of SQL Injection attacks and sensitive data exposure, among other types of attacks. Throughout the software development life cycle, specification languages are used to describe the security requirements for secure logging and data validation. To counteract attacks involving the sensitive data exposure, the specification languages do not, however, include detailed particular security requirements for secure logging and data validation. Additionally, this research project offers RealSpec security extension to detect SQLI attacks and sensitive data exposure. Early in the requirement analysis and design process, the goal of this effort is to define, record, and validate security requirements and integrate security throughout software development. To transform specification from design to implementation level a custom compiler is then used to convert the requirements into C++ code. The suggested method then compares the C++ code to attack patterns; if an attack is found, the system throws an exception.