Abstract: Businesses, as well as individuals interact with web applications on a daily basis due to their flexibility, appropriateness, availability, usability and interoperability. This makes web applications highly vulnerable to cyber-attacks. While web applications have strengthened most organizations by mapping their businesses globally, and facilitating information exchange, the major concern in web applications is mitigating security breaches. This due to the fact that in the recent past, there has been a dramatic increase in web application vulnerabilities being reported as attackers improves their skill and competencies to defeat the existing techniques. The main objective of this study was to design a hybrid multi-agents system for detecting SQL web applications vulnerabilities and formulate system requirements. Multiagent Systems Engineering (MaSE) was used as a methodology for system design in this study. MaSE provided a guide in analysis and design. The Hybrid system designed was subjected to a desktop review as a test bed to determine the time taken to scan vulnerabilities across webgoat, vicnum and genhoud web applications. When compared to Vega, Wapiti and Zap vulnerability scanners, the hybrid multi-agents system performed better in detecting SQL injections. The authors concluded that a hybrid multi-agents system provides a better coverage with no false positive and false negative limited time to scan compared with already existing vulnerabilities scanners.
Keywords: Web vulnerability scanners, Multi-agents, SQL injection attacks, and web-based applications.
Title: A Hybrid Multi-Agent Vulnerability Scanner for Detecting SQL Injections in Web Applications Systems
Author: Hillary Mutai, Dr. Robert Oboko
International Journal of Computer Science and Information Technology Research
ISSN 2348-1196 (print), ISSN 2348-120X (online)
Research Publish Journals
