I am doing an investigation in to cross site scripting and sql injection and maybe other attacks for my thesis basically looking at vulnerabilities in websites that could potentially cause these attacks, I am struggling to come up with ways in which to demonstrate this. Intially I was thinking about setting up a fictional website that is vulnerable to cross site scripting and sql injections etc, and then comparing various methods to prevent this attack, for example the use of vulnerability scanner and code review etc. Anybody have any suggestions to make? What else can you suggest to add that would possibly increase the complexity of the theisis?
Jenny12345
0
Newbie Poster
Recommended Answers
Jump to PostTry multiple websites built with different technologies. Then you can compare how they differ in preventing such attacks.
Jump to Postdo you mean websites built with ASP.NET, PHP
Yes, there are more like perl and Ruby for example. You can also think of differences in settings between IIS, Apache and TomCat. Then there's a difference in databases like MySQL, SQL Server, Postgres, SQLite etc.
All 5 Replies
pritaeas
2,194
¯\_(ツ)_/¯
Moderator
Featured Poster
Try multiple websites built with different technologies. Then you can compare how they differ in preventing such attacks.
Jenny12345
0
Newbie Poster
Hi thanks for your reply, when you say different websites with different technologies do you mean websites built with ASP.NET, PHP etc can you please elebortate on that
pritaeas
2,194
¯\_(ツ)_/¯
Moderator
Featured Poster
do you mean websites built with ASP.NET, PHP
Yes, there are more like perl and Ruby for example. You can also think of differences in settings between IIS, Apache and TomCat. Then there's a difference in databases like MySQL, SQL Server, Postgres, SQLite etc.
Jenny12345
0
Newbie Poster
What do you reckon would be the best way that I should demonstrate this? How can I find out which website use which technology? Since setting up different website built with diffrent technologies would be quite time consuming. sorry for all these questions :)
pritaeas
2,194
¯\_(ツ)_/¯
Moderator
Featured Poster
If you want to add complexity to your thesis it will always be more time consuming. I don't think there are any shortcuts if you want to demonstrate flaws in some technological solution.
Be a part of the DaniWeb community
We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.