Analysis and Design of Web Server Security Systems From XSS and CSRF Defacement
Keywords:
AIRIDS, web server, defacement
Abstract
This study aims to identify the signs of defacement in detail and to design a web-server security system using the Automatic Interactive Reactive Intuition Detection System (AIRIDS) method, in order to keep data confidential from irresponsible parties and to improve the security and filtering of data traffic on the web server. The research uses a network and web-server analysis method, in which an existing web server and an already active website were analyzed with Acunetix WVS 10.5, and a web-server attack method carried out under scenario I (web attack local defacement) and scenario II (outside defacement). The parameters observed are the web-server security topology, the designed system, the prevention of XSS and CSRF, and the installation of AIRIDS. The results show that before AIRIDS was installed, the website and web server could be attacked with defacing techniques and had high-level web-server vulnerabilities (high = 3); after the web-server security system was installed, the website and web server could not be attacked with defacing techniques and no vulnerabilities with high status were found again (high = 0). It can be concluded that installing the AIRIDS web-server security system can prevent and minimize the level of vulnerability to attacks on websites and web servers, and can also prevent the leakage of confidential information.
License
Copyright (c) 2025 Muhd Iqbal, Umam Farizan, Rasudin Abubakar
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.