Mitigation of cyber-attacks on web applications
Date:
- Proposed and implemented the use of a policy-based proxy server to tackle SQL injection (SQLi) and Cross Site Scripting (XSS) attacks on web applications.
- Developed two versions of a web application for banking purposes. One version made use of a proxy server while the other version didn't.
- The proxy server receives and analyzes each client request. It holds a set of policies that determine whether a request is likely to cause an SQLi or XSS attack.
- If a request is likely to cause an attack, it is either sanitized or terminated before it reaches the main server.
- In the absence of a proxy server, the requests are directly sent to the actual server.
- The two versions of the application were used to demonstrate the effectiveness of the proxy server in tackling different types of attacks.
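
The forward / sanitize / terminate decision described above can be sketched as a small policy evaluator. This is an added example, not the project's own code: the policy names, patterns, the `evaluate` function and the sample query strings are all assumptions made for illustration.

```python
import html
import re
from urllib.parse import parse_qsl

# Hypothetical policies (assumed, not the project's rules): (name, pattern, action).
POLICIES = [
    ("sqli-tautology", re.compile(r"'\s*(or|and)\s+[\w']+\s*=\s*[\w']+", re.I), "terminate"),
    ("sqli-stacked", re.compile(r";\s*(drop|delete|insert|update|select)\b", re.I), "terminate"),
    ("sqli-union", re.compile(r"\bunion\b\s+(all\s+)?select\b", re.I), "terminate"),
    ("xss-script-tag", re.compile(r"<\s*/?\s*script\b", re.I), "sanitize"),
    ("xss-event-handler", re.compile(r"<[^>]*\bon\w+\s*=", re.I), "sanitize"),
]


def evaluate(query_string):
    """Apply every policy to each decoded parameter of one request.

    Returns (decision, params_to_forward, hits), where decision is
    "forward", "sanitize" or "terminate" and hits lists (param, policy).
    """
    decision, cleaned, hits = "forward", [], []
    # parse_qsl percent-decodes values, so policies see what the server would see.
    for key, value in parse_qsl(query_string, keep_blank_values=True):
        matched = [(name, action) for name, pat, action in POLICIES if pat.search(value)]
        hits += [(key, name) for name, _ in matched]
        if any(action == "terminate" for _, action in matched):
            return "terminate", [], hits  # request never reaches the main server
        if matched:
            decision = "sanitize"
            value = html.escape(value, quote=True)  # neutralize markup, keep the text
        cleaned.append((key, value))
    return decision, cleaned, hits


if __name__ == "__main__":
    # Constructed sample requests for a banking form (not captured traffic).
    samples = [
        "account=12345&memo=rent",
        "memo=%3Cscript%3Ealert(1)%3C%2Fscript%3E",
        "user=admin'+OR+'1'='1",
    ]
    for qs in samples:
        print(qs, "->", evaluate(qs))
```

Pattern policies like these are a front-line filter; the main server still needs parameterized queries and output encoding, since a proxy only sees the request and not how the application uses it.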