Code Injection in Web applications

Abstract

Code injection is the most critical threat for the web applications. The security vulnerabilities have been growing on web applications. With the growth of the importance of web application, preventing the applications from unauthorized usage and maintaining data integrity have been challenging. Especially those applications which an interface with back-end database components like mainframes and product databases that contain sensitive data can be addressed as the attacker’s main target.

The main objective of this thesis is to describe the types of code injection such as SQL injection, XML injection, XPath injection, LDAP injection and File Inclusion Injection. This thesis demonstrates the vulnerability of web applications by penetrating queries through user input. It also provides security measures to avoid such attacks.

In this thesis testing was done using the WampServer and Xampp server on a localhost. A browser Adson tamper data was used. Vulnerable web applications are used to highlight the vulnerabilities. Web application were tested using different injection techniques. The result of the test proved that a successful injection can do serious damage to the database and the whole system.