S-RealSpec: A Security Extension to Detect SQLI attack and Sensitive Data Exposure

Authors

  • Muniba Murtaza

DOI:

https://doi.org/10.53555/ks.v12i5.3326

Keywords:

security feature, security requirements, model-driven security, MDS, evaluation framework, secure auditing, secure logging, specification languages, SQL Injection, data validation.

Abstract

Web application security is a growing concern, because security flaws can cause considerable financial losses in rework and damage a business's reputation through subpar web applications. The root cause of SQL Injection attacks and sensitive data exposure, among other types of attacks, is poor modelling and design processes that neglect to model and create essential logging requirements and data validation security features, and apply them haphazardly during development. Throughout the software development life cycle, specification languages are used to describe the security requirements for secure logging and data validation. However, these specification languages do not include detailed, specific security requirements for secure logging and data validation to counteract attacks involving sensitive data exposure. This research project offers a RealSpec security extension to detect SQLI attacks and sensitive data exposure. The goal of this effort is to define, record, and validate security requirements early in the requirement analysis and design process, and to integrate security throughout software development. To transform the specification from design to implementation level, a custom compiler converts the requirements into C++ code. The suggested method then compares the C++ code to attack patterns; if an attack is found, the system throws an exception.

Author Biography

Muniba Murtaza

Department of Computer Science, Faculty of Computing and Information Technology, International Islamic University, Islamabad, 192122, Pakistan 

Published

2024-08-22

How to Cite

Muniba Murtaza. (2024). S-RealSpec: A Security Extension to Detect SQLI attack and Sensitive Data Exposure. Kurdish Studies, 12(5), 757–769. https://doi.org/10.53555/ks.v12i5.3326