A Semantic Data Validation Service for Web Applications

An Input validation can be a critical issue. Typically, a little attention is paid to it in a web development project, because overenthusiastic validation can tend to cause failures in the software, and can also break the security upon web applications such as an unauthorized access to data. Now, it...

Descripción completa

Guardado en:
Detalles Bibliográficos
Autores principales: Aljawarneh,Shadi, Alkhateeb,Faisal, Al Maghayreh,Eslam
Lenguaje:English
Publicado: Universidad de Talca 2010
Materias:
Acceso en línea:http://www.scielo.cl/scielo.php?script=sci_arttext&pid=S0718-18762010000100005
Etiquetas: Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
id oai:scielo:S0718-18762010000100005
record_format dspace
spelling oai:scielo:S0718-187620100001000052018-10-12A Semantic Data Validation Service for Web ApplicationsAljawarneh,ShadiAlkhateeb,FaisalAl Maghayreh,Eslam Web Application Data Validation Vulnerabilities e-Commerce SQL injection Web system On the fly Data Tampering An Input validation can be a critical issue. Typically, a little attention is paid to it in a web development project, because overenthusiastic validation can tend to cause failures in the software, and can also break the security upon web applications such as an unauthorized access to data. Now, it is estimated the web application vulnerabilities (such as XSS or SQL injection) for more than two thirds of the reported web security vulnerabilities. In this paper, we start with a case study of the bypassing data validation and security vulnerabilities such as SQL injection and then go on to discuss the merits of a number of common data validation techniques. We also review the different solutions to date to provide data validation techniques in e-commerce applications. From this analysis, a new data validation service which is based upon semantic web Technologies, has been designed and implemented to prevent the web security vulnerabilities at the application level and to secure the web system even if the input validation modules are bypassed. Our semantic architecture consists of the following components: RDFa annotation for elements of web pages, interceptor, RDF extractor, RDF parser, and data validator. The experimental results of the pilot study indicate that the proposed data validation service might provide a detection, and prevention of some web application attacks.info:eu-repo/semantics/openAccessUniversidad de TalcaJournal of theoretical and applied electronic commerce research v.5 n.1 20102010-04-01text/htmlhttp://www.scielo.cl/scielo.php?script=sci_arttext&pid=S0718-18762010000100005en10.4067/S0718-18762010000100005
institution Scielo Chile
collection Scielo Chile
language English
topic Web Application
Data Validation
Vulnerabilities
e-Commerce
SQL injection
Web system
On the fly
Data Tampering
spellingShingle Web Application
Data Validation
Vulnerabilities
e-Commerce
SQL injection
Web system
On the fly
Data Tampering
Aljawarneh,Shadi
Alkhateeb,Faisal
Al Maghayreh,Eslam
A Semantic Data Validation Service for Web Applications
description An Input validation can be a critical issue. Typically, a little attention is paid to it in a web development project, because overenthusiastic validation can tend to cause failures in the software, and can also break the security upon web applications such as an unauthorized access to data. Now, it is estimated the web application vulnerabilities (such as XSS or SQL injection) for more than two thirds of the reported web security vulnerabilities. In this paper, we start with a case study of the bypassing data validation and security vulnerabilities such as SQL injection and then go on to discuss the merits of a number of common data validation techniques. We also review the different solutions to date to provide data validation techniques in e-commerce applications. From this analysis, a new data validation service which is based upon semantic web Technologies, has been designed and implemented to prevent the web security vulnerabilities at the application level and to secure the web system even if the input validation modules are bypassed. Our semantic architecture consists of the following components: RDFa annotation for elements of web pages, interceptor, RDF extractor, RDF parser, and data validator. The experimental results of the pilot study indicate that the proposed data validation service might provide a detection, and prevention of some web application attacks.
author Aljawarneh,Shadi
Alkhateeb,Faisal
Al Maghayreh,Eslam
author_facet Aljawarneh,Shadi
Alkhateeb,Faisal
Al Maghayreh,Eslam
author_sort Aljawarneh,Shadi
title A Semantic Data Validation Service for Web Applications
title_short A Semantic Data Validation Service for Web Applications
title_full A Semantic Data Validation Service for Web Applications
title_fullStr A Semantic Data Validation Service for Web Applications
title_full_unstemmed A Semantic Data Validation Service for Web Applications
title_sort semantic data validation service for web applications
publisher Universidad de Talca
publishDate 2010
url http://www.scielo.cl/scielo.php?script=sci_arttext&pid=S0718-18762010000100005
work_keys_str_mv AT aljawarnehshadi asemanticdatavalidationserviceforwebapplications
AT alkhateebfaisal asemanticdatavalidationserviceforwebapplications
AT almaghayreheslam asemanticdatavalidationserviceforwebapplications
AT aljawarnehshadi semanticdatavalidationserviceforwebapplications
AT alkhateebfaisal semanticdatavalidationserviceforwebapplications
AT almaghayreheslam semanticdatavalidationserviceforwebapplications
_version_ 1714202197990834176