dc.description.abstract | The growth of the internet in recent times has led to the spread of
information crimes in renewed and changing ways. Today almost all
organizations, including the government of Kenya, have improved their
performance by allowing more information exchange within and
outside their organizations using web support.
Databases are central to modern websites, as they provide necessary
data and store critical information such as user credentials. These
websites have been continuously targeted by highly motivated malicious
users seeking to achieve their aims.
Structured Query Language (SQL) injection and Cross-Site Scripting (XSS)
attacks are perhaps among the most common application-layer attack techniques used
by hackers to deface websites and to manipulate and/or delete database contents
by inputting unwanted command strings and using session cookies.
SQL injection and XSS attacks are ranked as the two topmost vulnerability
attacks in the Open Web Application Security Project (OWASP) Top 10 2013
vulnerability list and have resulted in massive attacks on a number of websites,
including those of the government of Kenya, recently.
Agent orientation is emerging as a dominant research area and also prevails as
a new paradigm for constructing solutions to problems. Agents provide developers
and designers with a way of structuring applications around autonomous and
communicative elements.
In this study, we present a system that uses multi-agents to detect both
SQL injection and XSS vulnerabilities in web applications.
The system has been developed in the Java programming language
using the Prometheus methodology as an Agent Oriented Software (AOS).
It will specifically target websites in the development environment,
testing for the vulnerabilities before they are hosted in the production
environment. We have also incorporated the testing of already hosted
websites for the two vulnerabilities. Tests against a set of SQL
injection and XSS attacks show the effectiveness of the proposed
system for use by web developers and website owners. | en_US |