Proactive Security Framework for Online Business Web Portals with Implementation Details

Year 2014, Volume: 3 Issue: 2, 156 - 164, 28.06.2014

Hemraj Saini

Abstract

Most of the critical information is stored or travelled throughout the Internet and prone to cyber threats all the time. The current manuscript provides a process to develop and implement an automated proactive security framework to alert/avoid such cyber threats for the critical online information. In addition, it also describes a feasibility study towards the adoption of the proposed process by the current user community with favorable results.

The proposed work is able to help for the development of security add-ons to almost all the embedded software applications for the better secured services to the users.

Keywords

Cyber defense , SQL injection , Automated Security Framework , Design Methodology , Feasibility Study

References

• H. Saini and T. C. Panda, “Extended Cyber Defense Architecture for a University –A Case study”, The IUP Journal of Science & Technology, 6(2):33-47, 2010.
• H. Saini and D. Saini, “Proactive cyber Defense and Reconfigurable Framework of Cyber Security”, International journal named International Review on Computer and Software (IRECOS), 2(2):89-97, 2007.
• S. Bayat, R.H.Y. Louie, Z. Han, B. Vucetic and Y. Li, “Physical-Layer Security in Distributed Wireless Theory”, Networks Information Forensics and Security, IEEE Transactions on, Volume: 8, Issue: 5, pp.- 717-732, 2013.
• E. Harrin, “Taking a Layered Approach to IT Security”, Retrieved April, http://www.esecurityplanet.com/network-security/taking- a-layered-approach-to-it-security.html Available at: I. Lien, Y. Lin, J. Shieh and J. Wu, “A Novel Privacy Preserving Location-Based Service Protocol with Secret Circular Shift for k-NN Search”, Information Forensics and Security, IEEE Transactions on , Volume: PP , Issue: 99, 2013, DOI: 10.1109/TIFS.2013.2252011.
• H. Saini, K. D. Sharma, P. Dadheech and T. C. Panda, “Enhanced 4-way Handshake Process in IEEE802.11i with Cookies”, International Journal of Information & Network Security (IJINS), 2(3), pp. 229~238, 2013.
• L. Sankar, S. Rajagopalan and H. Poor, “Utility-Privacy Tradeoff in Databases: An Information-theoretic Approach”, Information Forensics and Security, IEEE Transactions on,Volume: PP , Issue: 99, pp.-1-15, 2013.
• J. Han, W. Susilo, and Y. Mu, “Identity-Based Secure Distributed Data Storage Schemes”, Computers, IEEE Transactions on, Volume: PP , Issue: 99, 2013, DOI: 10.1109/TC.2013.26.
• H. Saini, B. K. Mishra and T. C. Panda, “Computing the Spreading Power of a Business Portal to Propagate the Malicious Information in the Network”, International Journal of Web Protals, 3(2), 14-22, 2011.
• B. Simic and J. Walden, “Eliminating SQL injection and cross site scripting using aspect oriented programming”, Proceedings of the 5th international conference on Engineering Secure Software and Systems (ESSoS'13), Jan Scandariato (Eds.). Springer-Verlag, Berlin, Heidelberg, 228, 2013. Livshits, and Riccardo
• V. Shanmughaneethi, R. Yagna Pravin, C. Emilin Shyni and S. Swamynathan, “SQLIVD - AOP: Preventing SQL Injection Programming through Web Services”, A Mantri et al. (Eds): HPAGC 2011, CCIS 169, pp.-327-337, 2012,
• Springer-Verlag, Berlin, Heidelberg. Aspect Oriented Z. M. Jiang, A. Avritzer, E. Shihab, A.E. Hassan and P. Flora, “An Industrial Case Study on Speeding Up User Acceptance Testing by Mining Execution Logs”, Secure Software Integration and Reliability Improvement Conference on , OI: 10.1109/SSIRI.2010.15 , Page(s): – 140. Fourth International
• L. Yu, W. Di X. Zhao, C. Kong, W. Zhao, Q. Wang and J. Zhu, “Towards Call for Testing: An Application to User Acceptance Testing of Web Applications”, Computer Software and Applications Conference, COMPSAC '09. 33rd Annual IEEE International, Volume: 1, DOI: 10.1109/COMPSAC.2009.31, Page(s): – 171, 2009. R. K. P. Leung and W. L. Yeung, from
• “Generating User Acceptance Test Plans Test Cases”, Computer Software and Applications Conference, 2007. COMPSAC 2007. 31st Annual International,
• DOI: 10.1109/COMPSAC.2007.125, Page(s): 737 - 742. Volume: ,
• All about UAT, Retrieved on 30th April, 2013, Available at: http://www.guru99.com/user-acceptance-testing.html
• C. J. Date, “An Introduction to Database Systems”, Addison-Wesley Professional, 2003, Ed. 8 th, ISBN:
• Jeffrey D. Ullman and Jennifer D. Widom, “Database Systems: The Complete Book”, Prentice Hall, 2008, Ed. nd, ISBN: 0130319953. Appendix-I: index.php if(isset($_GET['info']) && $_GET['info']=="logout") { session_start(); session_destroy(); } if(isset($_POST['submit']) &&
• //$headers .= 'From:'.$EmpMialId."\r\n"; $subject= 'Cyber Defense Alert'; $headers .= 'From:'.$sender."\r\n"; mail($to,$subject,$message,$headers); ?> Appendix-V: hsms.php <?php $api='http://www.nettechsms.comule.com/sms/send.php?s end=true'; $uname='9337590003'; $gateway='160by2'; $pass='nettech'; $to='9668144556';
• $msg='Alert: Someone is trying to hack the Website. Check Mail for more details.'; $msg=str_ireplace(" ","%20",$msg); $link=$api."&user=".$uname."&pass=".$pass."&to=".$to. "&msg=".$msg."&gateway=".$gateway; $sms = file_get_contents($link); if($sms) { //echo 'sms done'; } ?> Appendix-VI: connect.php <?php $username="a2157854_syber"; $password="syber123"; $database="a2157854_syber";
• //$headers .= 'From:'.$EmpMialId."\r\n"; subject= 'Cyber Defense Alert'; $headers .= 'From:'.$sender."\r\n"; mail($to,$subject,$message,$headers); ?> Appendix-VIII: alreadybsms.php $msg='Alert: Website is being accessed from a blocked IP. Check Mail for more details.'; { //echo 'sms done'; }