
CAVEAT: Credit Card Vulnerability Exhibition and Authentication Tool

  • Conference paper
Security in Computing and Communications (SSCC 2014)

Part of the book series: Communications in Computer and Information Science (CCIS, volume 467)


Abstract

Online banking (also called Internet banking or e-banking) lets people carry out financial transactions on a secured website. It allows users to manage their money without visiting their banks. Today, users can handle everyday financial transactions such as bill payments, shopping, and booking movie, train, air and other event tickets through online banking. Because online banking involves the circulation of money, it should be secure; but as its use increases, the security threats to banking applications are also increasing. In this paper, we have designed a Java-based tool to show the exploitation of Injection (OWASP Top 10-2013 A1 vulnerability) using an SQL injection attack, and of Broken Authentication (part of the OWASP Top 10-2013 A2 vulnerability) using a brute-force attack and a dictionary attack, and the prevention of all these attacks by storing the data in our database in encrypted form using the AES algorithm.




Copyright information

© 2014 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Jain, I., Johari, R., Ujjwal, R.L. (2014). CAVEAT: Credit Card Vulnerability Exhibition and Authentication Tool. In: Mauri, J.L., Thampi, S.M., Rawat, D.B., Jin, D. (eds) Security in Computing and Communications. SSCC 2014. Communications in Computer and Information Science, vol 467. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-662-44966-0_38


  • DOI: https://doi.org/10.1007/978-3-662-44966-0_38

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-662-44965-3

  • Online ISBN: 978-3-662-44966-0

  • eBook Packages: Computer Science, Computer Science (R0)
