A framework for securing web applications against injection attacks using Blockchain technology

Abstract

Abstract

Web-applications of today are data-intensive. These applications have databases that store large amount of data, using almost SQL databases. On the other hand, such databases su er from lack of security. One of the most common attacks is the injection attack that jeopardize the con dentiality and security of Web sites and, as a consequence, the databases. Recently Blockchain technology is spreading and developing in a fast pace. According to researches, it is considered as one of the most secured among other technologies. In this research, we propose a framework to solve or mitigate SQL and NoSQL injections problem, the proposed framework is used for prevention and detection of injection using Blockchain technology and query command Tokenizer to check the validity and permission of the commands. Therefore, providing better level of security for data. Results of simulation showed that proposed solutions attain sensible detection rate for many types of injections. In addition, results showed that Blockchain can provide a promising technology that can participate in securing web applications and databases. Keywords: Ethereum smart contract, NoSQL injection, Query Tokenizer, SQL injection. Thesis Supervisor: Dr Ghassan Shahin Title: Assistant Professor