@Article{cmc.2021.016099, AUTHOR = {Osamah Ibrahim Khalaf, Munsif Sokiyna, Youseef Alotaibi, Abdulmajeed Alsufyani, Saleh Alghamdi}, TITLE = {Web Attack Detection Using the Input Validation Method: DPDA Theory}, JOURNAL = {Computers, Materials \& Continua}, VOLUME = {68}, YEAR = {2021}, NUMBER = {3}, PAGES = {3167--3184}, URL = {http://www.techscience.com/cmc/v68n3/42471}, ISSN = {1546-2226}, ABSTRACT = {A major issue while building web applications is proper input validation and sanitization. Attackers can quickly exploit errors and vulnerabilities that lead to malicious behavior in web application validation operations. Attackers are rapidly improving their capabilities and technologies and now focus on exploiting vulnerabilities in web applications and compromising confidentiality. Cross-site scripting (XSS) and SQL injection attack (SQLIA) are attacks in which a hacker sends malicious inputs (cheat codes) to confuse a web application, to access or disable the application’s back-end without user awareness. In this paper, we explore the problem of detecting and removing bugs from both client-side and server-side code. A new idea that allows assault detection and prevention using the input validation mechanism is introduced. In addition, the project supports web security tests by providing easy-to-use and accurate models of vulnerability prediction and methods for validation. If these attributes imply a program statement that is vulnerable in an SQLIA, this can be evaluated and checked for a set of static code attributes. Additionally, we provide a script whitelisting interception layer built into the browser’s JavaScript engine, where the SQLIA is eventually detected and the XSS attack resolved using the method of input validation and script whitelisting under pushdown automatons. This framework was tested under a scenario of an SQL attack and XSS. It is demonstrated to offer an extensive improvement over the current framework. The framework’s main ability lies in the decrease of bogus positives. It has been demonstrated utilizing new methodologies, nevertheless giving unique access to sites dependent on the peculiarity score related to web demands. Our proposed input validation framework is shown to identify all anomalies and delivers better execution in contrast with the current program.}, DOI = {10.32604/cmc.2021.016099} }