THE ISC INTERNATIONAL JOURNAL OF INFORMATION SECURITY
Year:2021 | Volume:13 | Issue:3|Papers Count:8

The functionality of a web-based system can be a ected by many threats. In fact, web-based systems provide several services built on databases. This makes them prone to Structured Query Language (SQL) injection attacks. For that reason, many research e orts have been made to deal with such attacks. The majority of the protection techniques adopt a defense strategy which results to provide, in extreme response time, a lot of positive rates. Indeed, attacks by injecting SQL are always a serious challenge for the web-based system. This kind of attack is still attractive to hackers and it is in growing progress. For that reason, many researches have been proposed to deal with this issue. The proposed techniques are essentially based on a statistical or dynamic approach or using machine learning or even deep learning. This paper discusses and reviews the existing techniques used to detect and prevent SQL injection attacks. In addition, it outlines challenges, open issues, and future trends of solutions in this context.

Web application protection is today's most important battleground between the victim, intruder, and web service resource. User authentication tends to be critical when a legitimate user of the web application abruptly ends the contact while the session is still active, and an unauthorized user chooses the same session to gain access to the device. For many corporations, risk detection is still a problem. In other cases, it is a usual way of operating that provides the requisite protection to keep the product free of weaknesses. Using various types of software to identify di erent security vulnerabilities assists both developers and organizations in securely launching applications, saving time and money. Di erent combinations of tools have been seen to enhance protection in recent years, but it has not been possible to combine the types of tools available on the market until the writing of this report. This paper aims to clarify vulnerabilities in broken authentication and session management. It is worth noting that if the creator practices the preventive techniques outlined in this article, the chances of exploitation being discussed are reduced. This paper revealed that the most powerful ways to exploit the Broken Authentication and Session Management vulnerabilities of the web application in those domains are Session Miscon guration assault and Cracking/ Guessing Weak Passwords. Correspondingly included techniques to defend authentication and the most important is using a robust encryption system, setting password rules, and securing the session ID.

In the present time, web applications are growing constantly in the whole society with the development of communication technology. Since the utilization of WWW (World Wide Web) expanded and increased since it provides many services, such as sharing data, staying connected, and other services. As a consequence, these numerous numbers of web application users are susceptible to cybersecurity breaches to steal sensitive information or crash the users' systems, etc. Particularly, the most common vulnerability today in web applications is the Cross-Site Scripting (XSS) attack. Furthermore, online cyber attacks utilizing cross-site scripting were responsible for 40% of the attack instances that struck enterprises in North America and Europe in 2019. Therefore, cross-site scripting is a form of an injection that targets both vulnerable and non-vulnerable websites, for the injection of malicious scripts. Cross-site scripting XSS operates by directing users to a vulnerable website that contains malicious JavaScript. Then, when malicious code runs in a victim's browser, the attacker has complete control over how they interact with the application. To protect the website or prevent the XSS, must know the application complexity and the way it handles data must be known so it could be controlled by the user. However, Detecting XSS e ectively is still a work in progress, and XSS is considered a gateway for various attacks. However, in this paper, we will introduce the XSS attack and the forms of XSS as a review paper. In addition, the methods and techniques that help to detect cross-site scripting (XSS) attacks.

Recently, the interest in cybercrime and cybersecurity has increased dramatically both in terms of critical security issues and national economic information infrastructure and sensitive dealing policies, such as protection and data privacy. Moreover, the growing threat of cybersecurity has prompted the kingdom to pay more attention to its national cybersecurity strategy as the state embarks on a Vision 2030 plan, which aims to diversify the economy and create new jobs. Therefore, Any Computer system is always having security threats which are considered a big problem, and this includes application Codes as increasing demand. The paper aims to give detailed information about secure coding with Python and present security guidelines and considerations in di erent disciplines. It focuses on giving an overview of the authentication methods used in the application (Code) and showing program security mistakes to introduce vulnerabilities (Ex. SQL Injection). We review the new user authentication techniques, making it easier for the manager to choose the appropriate techniques for his organization by understanding the way it works, its advantages, and disadvantages. The administrator can integrate these mechanisms in a manner that is appropriate for his security plan. This will be useful for programmers and users to keep their codes and applications more secure and viable for usage in sensitive environments.

Date fruits are considered essential food and the most important agricultural crop in Saudi Arabia. Where Saudi Arabia produces many types of dates per year. Collecting large data for date fruits is a di cult task and consumed time, besides some of the data types are seasonal. Wherein the convolutional neural networks (CNN) model needs large datasets to achieve high classi cation accuracy and avoid the over tting problem. In this paper, an augmented date fruits dataset was developed using deep convolutional generative adversarial networks techniques (DCGAN). The dataset contains 600 images for three varieties of dates (Sukkari, Suggai, and Ajwa). The performance of DCGAN was evaluated using Keras and MobileNet models. An extensive simulation shows the classi cation using DCGAN with the MobileNet model achieved 88% of accuracy. Whilst 44% for the Keras. Besides, MobileNet achieved better classi cation in the original dataset.

Digital forensics is a process of uncovering and exploring evidence from digital content. A growth in digital data in recent years has made it challenging for forensic investigators to uncover useful information. Moreover, the applied use of cloud computing has increased signi cantly in the past few years and has introduced new challenges to forensic experts. Cloud forensics assists organizations that exercise due diligence and comply with the requirements related to sensitive information protection, maintain the records required for audits and notify concerned parties when con dential information is compromised or exposed. One of the problems with cloud forensics is the limitation of cloud forensic models and guidelines. This project aims to propose a new cloud forensic model that will help investigators and cloud service providers achieve digital forensic readiness within the cloud environment. To achieve this goal, we have studied and compared di erent forensic process models to determine their limitations. Based on the results of this comparative study, a new cloud forensic framework{ Forensic-enabled Security as a Service (FESaaS) is presented. The security and forensic layers are aggregated to discover evidence in the proposed framework. Compared to other cloud forensic frameworks, our framework deals with live data, reports, and logs. Thus, it is su cient and provides the capability for rapid response.

The Open Web Application Security Project (OWASP) is a nonpro t organization battling for improvements in software protection and enhancing the security of web applications. Moreover, its goal is to make application security \accessible" so that individuals and organizations can make educated decisions about security threats. The OWASP is a repository of tools and standards for web security studies. OWASP released an annual listing of the top 10 most common vulnerabilities on the web in 2013 and 2017. This research paper proposed a comprehensive study on Components with known vulnerabilities attack, which is the ninth attack (A9) among the top 10 vulnerabilities. Components with known vulnerabilities are the third-party components that the focal system uses as authentication frameworks. Depending on the vulnerability it could range from subtle to seriously bad. This danger arises because the app's modules, like libraries and frameworks, are almost always run with the highest privileges. If a compromised aspect is abused, the hacker's task of causing signi cant loss of information or server takeover is easier.

Tracking or taking care of elderly people when they live alone is a much more challenging area. Because most aged people su er from some health issues like Alzheimer's, diabetes, and hypertension, in case happening any abnormal activity or any emergency since they live alone and there is no one around them to o er any support, one of the best choices to care mature people is focusing on smart home technology. Also, one of the essential keys to expanding smart home technology is monitoring, detecting, and recognizing human activities called Ambient Assisted Living (AAL) applications. Nowadays our world highly focuses on a smart system because the smart system can learn habits, and if it  nds any problem or any abnormal happenings, it can take automated decisions for residents for example, by learning cooking time, the system can prepare the oven, and by learning spare time which the resident spend for watching, the system can prepare the TV also put it to a favorite channel for the residents. To do this, a new and existing established machine learning and deep learning approaches are required to be estimated the system focusing on using real datasets. So, this study presents machine learning to analyze activities of daily living (ADL) in smart home environments. The data sets were collected from a set of binary sensors installed on two houses. This study used public data sets for detecting and recognizing human activities, the data set was tested based on machine learning classi cation especially Support Vector Machines (SVM) was applied as the traditional neural network also for deep learning (1-Dcnn) as Convolutional Neural Network (CNN), Long Short-Term Memory (LSTM) as Recurrent Neural Network (RNN) and was used. Also, sliding window (windowing) was used in the preprocessing phase, the study concludes that all used algorithms can detect some activities perfectly, and on the other hand they can't predict all activities perfectly especially those activities that take short-time, the main key for this situation is imbalanced data.