Detecting and Preventing SQL Injection and XSS Attack using Web Security Mechanisms

In this paper we proposed a system prototype tool to evaluate web application security mechanisms. The methodology is based on the idea that injecting realistic vulnerabilities in a web application and attacking them automatically can be used to support the assessment of existing security mechanisms and tools in custom setup scenarios. To provide true to life results, the proposed vulnerability and attack injection methodology relies on the study of a large number of vulnerabilities in real web applications. To remove the vulnerabilities by implementing a concrete Vulnerability & Attack Injector Tool (VAIT) for securing web applications. To prevent various attacks like follows: 1. SQL Injection (SQLi) 2. Cross Site Scripting (XSS) 3. Brute Force Attack 4. Shoulder surfing Attack 5. Social Attack. 6. Dictionary Attack