Cloud computing has witnessed increase in the number of customers over the past decade. Securing cloud applications has become primary concern for cloud service providers and customers. Verizon reported that cloud assets were involved in 24% of the data breaches in 2020. OWASP Top 10 application security risks have listed injection attack at the first position. Injection attack is a type of active attack in which malicious code is embedded in a request query and sent to the back-end database. The attack vectors are URL bar of the web browser or input box in the web page. The impact of injection attack ranges from bypassing authentication to disclosure of confidential database records. The aim of this proposal is to develop a prototype to detect injection attack for cloud applications. The key research challenges are to detect malicious code injection attacks, to identify key events for timeline analysis and to flag exfiltration attempts for database logs.
Department of Computer Science Engineering, School of Engineering, Bengaluru
Python, Data analysis, Shell Scripting
Assistant Professor,
Department of Computer Science and Engineering,
School of Engineering,
Amrita Vishwa Vidyapeetham, Bengaluru
