Proc.
of the International Conference on Electrical, Computer and Energy Technologies (ICECET)
A Novel System for Detecting and Preventing SQL
Injection and Cross-Site-Script
Petros Tanakas
Computer Engineering & Computer Engineering & Informatics
2021 International Conference on Electrical, Computer and Energy Technologies (ICECET) | 978-1-6654-4231-2/21/$31.00 ©2021 IEEE | DOI: 10.1109/ICECET52533.2021.9698688
Informatics Department
University of Patras University of Patras
Patras, Greece
[email protected]
[email protected]
[email protected]
Abstract— SQL Injection and Cross-Site Scripting are the two
most common attacks in database-based web applications. In this
paper we propose a system to detect different types of SQL injection
and XSS attacks associated with a web application, without the
existence of any firewall, while significantly reducing the network
overhead. We use properly modifications of the Nginx Reverse Proxy
protocols and Suricata NIDS/ IPS rules. Pure work has been done
from other researchers based on the capabilities of Nginx and
Suricata and our approach with the experimental results provided in
the paper demonstrate the efficiency of our system.
Keywords-— SQL Injection, Cross Site Script, Reverse Proxy,
Network Intrusion Detection System (NIDS), Intrusion Prevention
System (IPS)
I. INTRODUCTION
The ubiquity of Information and Communication
Technologies (ICT) has led to high security risks and the
number of successful penetration efforts against the security of
critical infrastructures. The perpetrators’ goals are, commonly,
the destruction, alteration and unauthorized use of data and
computing resources. The consequences of such actions can
cause significant damage to computer systems and to data
integrity, as well as pose risks to user’s privacy.
Malware, which is one of the most frequently used attack
technique, mainly targets application and system
vulnerabilities. In cyber security terminology, a vulnerability is
a weakness that can be exploited by a malicious entity, such as
an attacker, to gain unauthorized access or perform
unauthorized actions on ICT Infrastructures. Vulnerabilities
can be exploited by a variety of methods [1, 2].
The programming language using which everyone interact
with databases is the SQL (Structured Query Language). SQL
derives from relational algebra and was designed to define data
(DDL- Data Definition) and to manipulate data (DML- Data
Manipulation) in databases management systems [13]. The
reserved statements of the SQL operates either as DDL and
DML manner depending on the intention of the developer.
As one of the most common security vulnerabilities via
web, SQL injection attacks cannot be ignored [7]. SQL
injection vulnerabilities compromise the protection of web
978-1-6654-4231-2/21/$31.00 ©2021 IEEE
Authorized licensed use limited to: University of Hyderabad IG Memorial Library. Downloaded on November 11,2022 at 06:38:45 UTC from IEEE Xplore. Restrictions apply.
9-10 December 2021, Cape Town-South Africa
Aristidis Ilias Nineta Polemi
Department of Informatics
Department University of Piraeus
Piraeus, Greece
Patras, Greece
applications, the entire database and system/ network
infrastructure that hosts these applications. In OWASP Top 10
for 2010, OWASP Top 10 for 2013, and OWASP Top 10 for
2017, SQL injection was ranked, three times, as the top
challenge to Web application systems. [3]
XSS is an original form of injection code that can exploit
an application’s output function that references poorly sanitized
user input [6]. XSS is the second most common issue in
OWASP Top 10 and is found in two out of three of all
applications. SQL injection aims to create a query for execution
in the database, while the XSS exploits vulnerabilities in the
HTML execution that sends data to the browser.
The purpose of XSS attacks is to inject special characters
that can affect Web browser interpreters so that they will
recognize the text as a code object. For example, when an
HTML page references a user input as data, an attacker might
include the tag <script>, which can invoke the JavaScript
interpreter.
Success of a XSS attack depends on the lack of character-
specific filters in the web application, allowing the attacker to
take advantage of exploits, such as account hijacking, cookies
poisoning, denial of service (DoS), and Web content
manipulation [6]. Typical input sources that attackers
manipulate include HTML forms, cookies, URLs, and external
files. Attackers often favor JavaScript, but other kinds of client-
side scripts such as VBScript and Flash, which browsers can
interpret, could cause XSS.
In this paper we will present a system to efficiently detect
and prevent SQL injection and XSS vulnerabilities and the
corresponding attacks [1, 2]. The purpose is to analyze
cybersecurity attacks based on SQL Injection and XSS.
Towards this purpose, a system for detecting and preventing
these attacks is proposed and evaluated. Our proposed system
is based on the use of properly modified the necessary and
appropriate protocols of Nginx Reverse Proxy and rules
Suricata NIDS/ IPS. The experimental results evinced the
completed success of the proposed system. The combination of
component of our system can detect different types of attacks
(SQL injection and XSS) associated with a web application,
 without existence of any firewall, while significantly reducing
the network overhead.
Nginx used by 38% of sites, and it enables to have both a
web server and a reverse proxy [1, 2]. It is widely used because
it provides great convenience to users for customization.
Suricata provides both signature base and anomaly base
detection. There is no corresponding work, with experimental
results. Very little work has been done much more with
experimental results, which highlights the possibilities in a
combined architectural approach for detecting and preventing
SQL Injection and Cross-Site-Script.
II. RELATED WORK
Attempts have been made at the level of programming
languages for treatment the SQL vulnerabilities, using PHP
Data Object (PDO) and Prepared Statement to connect to the
database SQL statements via Web forms. The experimental
research of these approaches highlighted that SQL injection
attacks were not traceable from the PHP Data Object and
Prepared Statement of websites. Additionally, interconnected
websites to the initial infected website are vulnerable and
unfortified into SQL Injection using PHP approaches [4, 5].
Many auxiliary programming tools and algorithmic techniques
based on grammatical and structural patterns (i.e. syntax trees)
for discovering vulnerabilities in SQL injection attacks were
tried on [4, 7]. A Gap Weighted String Subsection Algorithm
for detecting correct and safe SQL statements based on the
extraction properties of a string match, used training and testing
to detect and prevent the SQL injections dynamically [4].
Reverse proxy server placement was used between the
client and the web server. The reverse proxy server runs a tool
for detecting and preventing infected user’s requests to the web
server. There is installed a tool that works as a valuator based
on attack vector repository consisting of some special symbols,
often found in malicious code for SQL Injection. If the user’s
HTTP request contains these special symbols, redirects the
request from the web server to reverse proxy server, without
executes them on the web server. If a request is proved valid, is
released to the web server, otherwise it is blocked [5].
Several works [6] focused on snort IDS to detect network
probe attack, such as Denial-of-Service (DOS), XSS, etc. IDS
detect anomalies using signature attack; it contains rules for
each type of vulnerability, necessary to update with new threats.
It is possible to split the traffic between sensors using any
dedicated policy and mechanism. Data collected for checking,
usually lead to Nmap [9, 16, 18].
Another approach for accurate SQL injection detection
based on machine and deep learning techniques, was shown as
effective, and practical, but require access to log trusted and
correct data, which are not always available [8].
The innovation of our work is the combination of SQL
Injection and Cross-Site-Script (XSS) using the Reverse Proxy
(Nginx) and Suricata NIDS/ IPS tools for improving the
effectiveness of detecting and preventing cybersecurity risks.
Authorized licensed use limited to: University of Hyderabad IG Memorial Library. Downloaded on November 11,2022 at 06:38:45 UTC from IEEE Xplore. Restrictions apply.
III. SQL AND XSS ATTACKS MECHANISMS
A. SQL Injection
SQL (Structured Query Language) is a programming
language used to query a database. SQL is based on relational
algebra and was designed to manage data in a Relational
Database Management System (RDBMS) [13]. Some of the
most essential SQL commands are CREATE, INSERT,
UPDATE, DELETE, SELECT and DROP.
SQL Injection refers to a category of injection attacks where
the data provided by the user are included in an SQL query. The
purpose of this query is to acknowledge the user input as a SQL
code. Utilizing this vulnerability, an attacker could submit SQL
commands directly to the database. These attacks are some of
the most serious threats to any Web application that takes data-
input from users and integrates it into SQL queries. Most web
applications work as mentioned above and therefore could be
vulnerable to SQL injection attacks.
Fig. 1. SQL Injection examples
As shown in Figure 1 the user in the login form of the web
application injects the code “1' or '0'='0”. This SQL attack is
based on the data tautology and its introduction produces the
following query:
“ SELECT * FROM users WHERE login=1’ or ‘0’=’0 AND
pass=’’ AND pin= “
With the above query, code is injected under the condition
OR 0 = 0, converting the entire WHERE term into a tautology.
The database uses the above condition as a basis for evaluating
each line and deciding which ones to return to the application.
Because the condition is based on a tautology, the query is
evaluated as true for each row in the array, resulting in a return
all the rows (records) in the database table.
In this attack the returned set is evaluated at a non-zero value,
which makes the application conclude that the user
authentication was successful. This attack causes the application
to call the method, which returns a table with all the records in
the database.
B. Cross-Site-Script
Cross-site Scripting (XSS) is a security vulnerability where
an attacker injects code into a web page. XSS attacks are
performed in VBScript, ActiveX, Flash, CSS, however they are
 more common in JavaScript [14]. During the XSS attack browser. Figure 2 presents an example of DOM XSS. It shows
process, the attacker injects code into the application, so that this the results when the attacker deceives the user. An example of
code is executed in the browser of the user who visits the hacked this is sending a well-formed email which includes a link to a
or bogus website. malicious script. When the user runs an attacker’s link with
malicious XSS script, this request is sent to the Web Application
One of the most important consequences of this type of Server. The Web application receives the request and replies
attacks is bypassing applications’ access controls or policies, with malicious script. When the process is completed, the
such as the Same-Origin Policy. The results of these attacks can malicious script will be executed on the user’s browser. The
range from a minor change to the web application that may result of this process is the following: when the user’s browser
affect a user experience to more serious consequences, with executes the malicious script, cookies with sensitive data are
severe impact on users, depending on the sensitivity of the data sent to the attacker’s server.
handled by the vulnerable web application.
XSS attacks fall into three broad categories: non-permanent,
permanent, and Document Object Model (DOM) attacks. The
first two categories, the non-permanent and the permanent, are
usually called traditional and are caused by the server. While
DOM XSS attacks are more complex and result from the user-
side (client-side).
Stored or persistent XSS attacks occur when the attacker
injects script on the target server, such as in a database, in a
message forum, in a visitor log, in a comment field, etc. The
purpose of this action is to store the malicious code of XSS. The
server includes the injected script from the database in response
and sends it to the user’s browser. With the advent of HTML5
and other browser technologies, attack payloads are
permanently stored in the victim's browser, such as an HTML5
database, and are never sent to the server [11]. Fig. 2. DOM Cross-Site-Script examples

Reflected or nonpersistent XSS occurs when web There are many ways to deal with these attacks. In the next
application server does not have proper sanitation. An example chapter we will present our approach.
of non-proper sanitation is when the server accepts all the input
contexts from users. Therefore, improperly checking the data IV. THE PROPOSED SYSTEM
entered by the user can lead to these attacks. Our proposed system to enhance the detection and
In Reflected XSS, the attacker creates a URL containing a prevention of SQL and XSS attacks combines the use of a
malicious script and sends it to the user browser via email or properly modified the necessary and appropriate protocols of
through a neutral website. The attacker deceives the user to run Nginx Reverse Proxy and rules Suricata NIDS/ IPS in order to
the attacker’s link with malicious XSS script and to send the find SQL injection and XSS vulnerabilities.
request to the Web Application Server. Subsequently, the web
application contains the malicious script from the URL in the
reply. The result of this process is to execute malicious script on
the user’s browser and to send users cookies to the attacker's
server.
DOM Based XSS as defined by Amit Klein [17] is an XSS
format based on the DOM model and was created by the
development of Web 2.0 applications. DOM-based attacks are
performed during processing of user-executed content. This can
lead to the insertion of the malicious script into the JavaScript
code that runs on the user's browser.
DOM XSS attacks are named by the Document Object
Model (DOM), that represent the way of HTML or XML
objects. There are many ways to prevent these attacks and there
are similar to other XSS attacks (Stored and Reflected). These
are mainly based on the correct configuration of the JavaScript
code that exists within web pages. In addition, there are several
JavaScript frameworks for dealing with this type of attack and
similar others (e.g. the Angular framework).
DOM XSS is one of the most dangerous XSS attacks
because it explores successfully sensitive data from victim’s Fig. 3. Τhe architecture of the proposed system

Authorized licensed use limited to: University of Hyderabad IG Memorial Library. Downloaded on November 11,2022 at 06:38:45 UTC from IEEE Xplore. Restrictions apply.
 Figure 3 shows the main components and their operation of Facebook, Target, Citrix Systems , Twitter, Apple, Intel and
the proposed system: when the user logs in, the request is sent many others [12].
to the Nginx proxy server; the proxy server checks if the request
Based on the publication of Netcraft, we notice that NGINX
meets all the prerequisites, protocols, filters and conditions that
Plus and NGINX are the most popular web servers and
we have set; finally it sends the request to the appropriate
application delivery solutions used by major websites, such as
database. If the conditions are not met, a corresponding error is
Dropbox, Netflix and Zynga. More than 400 million websites
returned.
worldwide rely on NGINX Plus and NGINX Open Source to
When the request is sent from the proxy server to the deliver their content quickly, reliably, and securely.
database, the Suricata NIDS/IPS checks if the request respects
The Nginx reverse proxy in Linux environment was used to
all the rules that have been activated. If a rule is violated, the
implement the proposed system. Because Nginx does not
connection process is terminated, a corresponding error is sent,
support PHP script execution, PHP-FPM (PHP-FastCGI process
and the administrator is informed. If all rules are observed, the
manager) was used. CGI communicates to the shared gateway
connection process, with the dispatch of the request to the
interface, which acts as an interface between the web server and
database, continues. Α crucial feature of Suricata NIDS/IPS is
dynamic content servers. It listens to a port, such as the web
the combined use of a signature base and a statistical anomaly
server itself does, and passes the request between PHP and the
base. Consequently, for the duration of the connection between
web server.
the client and the web application the Suricata NIDS/IPS checks
for any statistical anomaly alerting, if necessary, the After completing the installation, we modified the Nginx
administrator. configuration file accordingly, introducing the appropriate
protocols to prevent SQL injection and Cross-Site-Script (XSS)
The application was used to test the proposed system is the
attacks.
Damn Vulnerable Web App (DVWA). Damn Vulnerable Web
App (DVWA) is a Web application in PHP / MySQL. The tools
used to test the proposed system are:
 Nginx Reverse Proxy;
 To run a PHP script was used PHP-FPM (PHP-FastCGI
process manager);
 Suricata (IDS και IPS);
 Damn Vulnerable Web App (DVWA);
 MySQL 5.2 Database (MariaDB).
The environment used to implement the system is kali-linux-
2021.1-amd64.
A. Reverse Proxy
A reverse proxy server, as shown in Figure 3, is located in
front of a web server and receives all requests before they reach
Fig. 4. Reverse Proxy Protocol execute.
the source server. This server works similar to a forward proxy
server [12]. Reverse proxies are commonly used in a Web Server Αs shown in the above code we used a feature of Nginx to
to improve: accept the command “if”. In this case we used the “if” command
 Processing, by checking the parameters $query_string, $request_uri, and
$uri and returning the suggested error (we use error 444).
 Security, Therefore, the above code works like the definition of the
 Reliability. protocols in a firewall.

As mentioned earlier, in our system we used Nginx Reverse
Proxy. Nginx is open-source software for web applications,
reverse mediation, caching, load balancing, media streaming,
and more. In addition to the HTTP server capabilities, NGINX
can also act as an email proxy server (IMAP, POP3 and SMTP)
and as a reverse load proxy and balance server for HTTP, TCP
and UDP servers.
Nginx was originally created by Igor Sysoev, with its first
public release in October 2004. Some of the most well-known
companies that use Nginx are Autodesk, Atlassian, Intuit, T-
Mobile, GitLab, DuckDuckGo, Microsoft, IBM, Google,
Adobe, Salesforce, VMWare, Xerox, LinkedIn, Cisco,
As soon as the import of the appropriately modified
protocols is completed, the XSS filter suggested by OWASP is
introduced which is present in all modern web browsers such as
Chrome, IE and Safari. This filter stops loading pages when they
detect XSS attacks by blocking full-page download.
B. Suricata NIDS/ IPS
An Intrusion Detection Systems (IDS) is an event monitoring
and analysis system. This can be either a device, or a software
application that monitors a network, or systems for detecting
malicious activity. Any intrusion or breach activity is usually
reported either to the administrator or collected centrally using a
Security and Event Management Information System (SIEM).

Authorized licensed use limited to: University of Hyderabad IG Memorial Library. Downloaded on November 11,2022 at 06:38:45 UTC from IEEE Xplore. Restrictions apply.
 A SIEM system combines outputs from multiple sources and
uses alarm filtering techniques to distinguish malicious activity
from false alarms [13, 14].
IDSs are used in both simple and large-scale systems, such
as PCs, computer networks, etc. [13, 14].
IDS systems are usually divided into two categories,
network intrusion detection systems (NIDS) and host-based
intrusion detection systems (HIDS). HIDS are systems that
monitor important operating system files, while NIDS are
systems that analyze incoming network traffic.
IDS systems are classified into two broad categories based
on the detection technique: signature-based detection based on
bad pattern recognition, such as malware, and anomaly-based
detection, that is, the detection of deviations from a model,
mostly based on machine learning techniques. An additional
IDS system is a hybrid IDS that uses both anomalies based and
signature-based detection. This allows the detection of more
potential attacks with a lower error rate than using a single
system. Some IDS systems, such us Suricata, have the ability to
respond to detected intrusions. Response systems are called
Intrusion Prevention System IPS [13, 14].
Suricata NIDS / IPS uses the following detection methods:
 Signature-based detection: Signature IDS monitors packets
on the Network and compares them to predefined packets as
well as predefined attack patterns known as signatures.
 Statistical anomaly-based detection: An anomaly-based
IDS monitors network traffic and compares it to a defined
baseline. The baseline will determine what is "normal" for this
network, what kind of bandwidth is generally used, and what
protocols are used. However, it can generate a false positive
alarm for legitimate bandwidth usage if the baselines are not
configured correctly.
Suricata NIDS / IPS has the same rule statements as Snort.
Snort is one of the most widely used open-source intrusion
prevention (IPS) systems in the world. Snort IPS uses a set of
rules to help detect malicious network activity to find the
packages that match them and generate alerts for users [15]. As
presented in [16], the statement of the rules is divided into two
parts, the Rule header and the Rule option. Figure 5 shows how
these two parts works [16].
Fig. 5. Example of Rule Header and Rule Option in Suricata IDS/IPS.
The rule has a specific configuration, as it shows in figure 5
in the Rule Header, the action will be “alert”, the protocol will
Authorized licensed use limited to: University of Hyderabad IG Memorial Library. Downloaded on November 11,2022 at 06:38:45 UTC from IEEE Xplore. Restrictions apply.
be “TCP”, the source address and Port and the destination Port
can de any address and port in the network, and the destination
address will be “80” port.
In case of an attack, the rule blocks the attack, and produces
the message [msg: “Return Error”; sid: 1000011;), Figure 5] in
which included the type of the attack. In this case the type of the
attack is an SQL Injection and the type of XSS with specific
content that can cover each type of an attack. The part where the
rule will be saved is placed in the end of the Rule Option.
V. RESULT
In our proposed system, that its architecture was described
in figure 3, we executed combined attack scenarios either
directly into the application by injecting SQL, or indirectly,
using the automatic SQL injection and database takeover tool,
sqlmap. It is initially observed that Nginx as error 444 properly
prevented direct SQL code injection attacks with direct code
input. These attacks were specified in its configuration folder
and occurred in all cases. As Table 1 shows the Reverse Proxy
detects and prevents all SQL Injection types except Timing
attacks.
TABLE I. PREVENTION ABILITY OF NGINX AND SURICATA
SQL INJECTION REVERSE SURICATA
ATTACKS PROXY (Nginx) IDS/IPS
Tautology * *
Illegal/Logically Incorrect
* *
Queries
Union Query * *
Piggy-Backed Queries * *
Stored Procedures * *
Blind Injection * *
Timing Attacks *
Then all the attacks are repeated using sqlmap, which uses
all kinds of SQL injection attacks (such as data tautology, Union
Query, Blind Injection, Timing Attacks and others). The first
attacks scenario, with sqlmap, aimed at extracting the database
name from the target web application (DVWA). However, due
to the proposed detection method, the sqlmap returned the URI
parameter, which is not injectable without any information about
database. Figure 6 shows the results of the sqlmap when tested
with the purpose of exporting all the tables in the database. In
this case, sqlmap tried 3506 attempts without being able to find
any information and pass it on to the attacker.
Fig. 6. Example of sqlmap.
In the process of these attacks, it is observed that the system
presented prevented all kinds of attacks without giving any basic
 information to the intruders. The only information that leaked
from the system was the type of WEB application, i.e. that
Nginx is used.
Upon the completion of more than 3500 attacks in each
category using sqlmap, it was observed that the system proposed
is effective. The only information that was leaked was about the
type of application and the database without giving any essential
information to the attacker. Therefore, the operation of the
proposed system is successful. In addition, there was no need to
use a firewall, which could impose overhead on the computer
system.
VI. CONCLUSION AND FUTURE WORK
This paper introduced the ability to modify Nginx and
Suricata IDS/ IPS to detect and prevent SQL and Cross-Site-
Script injection attacks. Our proposed system combines a
properly modified Reverse Proxy, Nginx with Suricata IDS/
IPS, placing the necessary protocols and rules, in order to detect
and prevent SQL injection and XSS attacks. In the process of
these attacks, it is observed that the system prevented all kinds
of attacks without giving any basic information to the intruders.
The only information that leaked from the system was the type
of WEB application.
Regarding future research work, additional protocols and
rules to deal with attacks, such as Broken Access Control and
Insecure Deserialization, as well as the ability to detect and
prevent new attacks, such as the mutated XSS will be evaluated.
It is also important to study additional anomaly detection models
in Suricata IDS/ IPS for better and immediate detection of
attacks. Moreover, it would be of particular interest to explore
and compare our proposed architecture with more resource-
intensive tools such as snort, Zeek and firewalls.
ACKNOWLEDGMENT
The authors are grateful for the financial support provided
by the European Commission for the Horizon 2020 under grant
agreement No 952690 project CYRENE; and from the national
programme, EPAnEK, in the No. T2EΔ/03488 project
CYSMET.
REFERENCES
[1] W. G. J. Halfond, J. Viegas, and A. Orso, "A classification of SQL-
injection attacks and countermeasures", Proceedings of the IEEE
international symposium on secure software engineering. Vol. 1. IEEE,
2006.
Authorized licensed use limited to: University of Hyderabad IG Memorial Library. Downloaded on November 11,2022 at 06:38:45 UTC from IEEE Xplore. Restrictions apply.
[2] The Ten Most Critical Web Application Security Risks
“https://owasp.org/www-project-top-ten/” [Sep 2021]
[3] OWASP Top 10 - 2017 “https://owasp.org/www-project-top-
ten/2017/Top_10” [Sep 2021]
[4] F. Q. Kareem, S. Y. Ameen, A. A. Salih, D. M. Ahmed, S. F. Kak, H. M.
Yasin, I. M. Ibrahim, A. M. Ahmed, Z. N. Rashid, and N. Omar, "SQL
injection attacks prevention system technology", Asian Journal of
Research in Computer Science (2021): 13-32.
[5] T. S. Mule, A. S. Mahajan, S. Kamble, and O. Khatavkar, "Intrusion
Protection against SQL Injection And Cross Site Scripting Attacks Using
a Reverse Proxy", International Journal of Computer Science and
Information Technologies, Vol. 5 (3) , 2014, 2846-2850
[6] S. F. Hidhaya, and A. Geetha, "Intrusion Protection against SQL Injection
and Cross Site Scripting Attacks Using a Reverse Proxy", International
Conference on Security in Computer Networks and Distributed Systems,
SNDS 2012: Recent Trends in Computer Networks and Distributed
Systems Security, pp 252-263
[7] Q. Xue, and P. He, "On Defense and Detection of SQL SERVER Injection
Attack", 2011 7th International Conference on Wireless
Communications, Networking and Mobile Computing,
[8] D. Chen, Q. Yan, C. Wu1, and J. Zhao, "Sql injection attack detection and
prevention techniques using deep learning", Journal of Physics:
Conference Series, Vol. 1757, No. 1, IOP Publishing,, 2021.
[9] L. K. Shar, and H. B. K. Tan, "Defending against cross-site scripting
attacks", Research Collection School Of Information Systems, Computer
45, 3 (2011): 55-62.
[10] W. Kießling, and G. Köstler, "Preference SQL-design, implementation,
experiences", VLDB'02: Proceedings of the 28th International
Conference on Very Large Databases. Morgan Kaufmann, 2002.
[11] OWASP Cross Site Scripting (XSS) “https://owasp.org/www-
community/attacks/xss/” [Sep 2021]
[12] How to Set up a Reverse Proxy (Step-By-Steps for Nginx and Apache)
“https://kinsta.com/blog/reverse-proxy/” [Sep 2021]
[13] S. Axelsson, "Intrusion detection systems: A survey and taxonomy", Vol.
99, Technical report, 2000.
[14] R. C. Newman, "Computer security: Protecting digital resources", Jones
& Bartlett Publishers, 2009.
[15] “https://www.snort.org”
[16] S. Syaifuddin, D. Risqiwati, and H. A. Sidharta, "Automation Snort Rule
for XSS Detection with Honeypot", 5th International Conference on
Electrical Engineering, Computer Science and Informatics (EECSI).
IEEE, 2018.
[17] A. Klein, "DOM based cross site scripting or XSS of the third kind", Web
Application Security Consortium, Articles 4 (2005): 365-372.
[18] Q. Temeiza, M. Temeiza, and J. Itmazi, "A novel method for preventing
SQL injection using SHA-1 algorithm and syntax-awareness", 2017 Joint
International Conference on Information and Communication
Technologies for Education and Training and International Conference on
Computing in Arabic (ICCA-TICET).