SQL Injection & XSS Attacks: An In-Depth Explanation Method of Exploiting Attack and Prevention Technique in Asp.Net Web Application

Over the last few decades, the use of web and database applications has grown to a large extent. As the use of web-based applications increased, so did the use of online database applications. When a technology grows, its associated problems arise as well. Among the many problems and threats facing database applications, one potential problem is SQL injection. It is a code injection technique, used to hack data-driven applications, in which malicious SQL code is inserted into an entry field for execution. It is one of the many web attack mechanisms used by attackers to steal data from organizations. An SQL injection attack (SQLIA) takes advantage of improper coding in a web application that allows an attacker to inject SQL statements into, say, a login form in order to gain access to the data held within the database. This type of attack arises because the fields available for user input allow SQL statements to pass through and query the database directly. It can compromise the confidentiality and integrity of information in databases: the attacker probes the web application's database and consequently gains access to its data. Researchers have proposed different approaches for stopping SQLIAs, but they are not enough, because the implemented approaches cannot stop all types of attack.

Another attack that is also very harmful to web-based applications is the XSS (Cross-Site Scripting) attack. Cross-site scripting attacks occur when a hacker uses a web application to send malicious code, in the form of a browser-side script, to a different end user. A hacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser will execute the script like a trusted script because it has no way to know that the script should not be trusted. Because the script appears to come from a trusted source, it can access session tokens, cookies, or any sensitive information retained by the browser. Cross-site scripts can even rewrite the content of the HTML page.

In this work I have studied all about SQLIAs and XSS attacks. All types of different techniques which can detect or prevent them are presented. Many solutions have also been proposed with the passage of time. The proposed solution which I have given in this work can prevent XSS and SQL injection attacks. This is very helpful for developers who are working in an organization. I have proposed a layered architecture technique which is not exactly a 3-layer architecture, but it is enough to prevent XSS and SQLIAs.
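The two weaknesses described above, shown side by side with their standard fixes. This is an added example, not code from the paper and not its proposed architecture. The `Users` table, its columns, and the `UserDal` and `View` classes are hypothetical, and it assumes .NET Framework with `System.Data.SqlClient`. It only builds commands and markup, so it runs without a database.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Net;

// Hypothetical data-access layer: the only place where SQL text is built.
static class UserDal
{
    // Vulnerable form: input is concatenated into the statement text,
    // so quote characters in the input change the structure of the query.
    public static SqlCommand BuildLoginUnsafe(string user, string passHash) =>
        new SqlCommand("SELECT COUNT(*) FROM Users WHERE Name = '" + user +
                       "' AND PassHash = '" + passHash + "'");

    // Hardened form: the statement text is a constant; input travels
    // separately as typed parameters and is never parsed as SQL.
    public static SqlCommand BuildLoginSafe(string user, string passHash)
    {
        var cmd = new SqlCommand(
            "SELECT COUNT(*) FROM Users WHERE Name = @name AND PassHash = @hash");
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 64).Value = user;
        cmd.Parameters.Add("@hash", SqlDbType.NVarChar, 128).Value = passHash;
        return cmd;
    }
}

// Hypothetical presentation layer: every user-supplied or stored value
// is HTML-encoded at output, so markup in it is displayed, not executed.
static class View
{
    public static string Greeting(string displayName) =>
        "<p>Welcome, " + WebUtility.HtmlEncode(displayName) + "</p>";
}

static class Program
{
    static void Main()
    {
        // Constructed sample inputs.
        string user = "alice' OR '1'='1";
        string name = "<script>alert(1)</script>";

        // The unsafe text now contains an extra OR clause taken from the input.
        Console.WriteLine(UserDal.BuildLoginUnsafe(user, "x").CommandText);

        // The safe text is unchanged; the input is only a parameter value.
        SqlCommand safe = UserDal.BuildLoginSafe(user, "x");
        Console.WriteLine(safe.CommandText);
        Console.WriteLine(safe.Parameters["@name"].Value);

        // Angle brackets are emitted as &lt; and &gt; entities.
        Console.WriteLine(View.Greeting(name));
    }
}
```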