WebGuard: Enhancing Web Security Through an Integrated Developer Platform

Abstract

This research presents the development of an integrated developer platform named ‘WebGuard’. The proposedintegrated platform provides solutions for SQL Injection, Cookie and Session Hijacking, Cross-Site Scripting (XSS),Phishing, Distributed Denial-of-Service (DDoS) attacks, and Malware. This study used input validation by generatingautomated regular expressions to detect SQL injection. In addition, stored procedures, parameterized queries, andcryptography are used to detect SQL injection. This platform used secure session ID generation and encrypted userauthentication to prevent cookie and session hijacking. Here, libsodium is utilized to decrypt user authentication. In thisstudy, the cross-site scripting (XSS) mitigation employs input validation, output encoding, and DOMPurify for advancedsanitization. Distributed Denial-of-Service (DDoS) uses a Content Delivery Network (CDN) inWebguard that contains loadbalancing, rate limiting, and a comprehensive incident response plan. Webguard provided malware detection service byusing file type and size validation and heuristic checks. Furthermore, Phishing attacks are also prevented by the proposedplatform. The proposed platform successfully prevented 92.77% of SQL injection attacks out of 828 samples, and it detected6.16% of the provided samples. Webguard successfully prevented 95.12% of cookie and session hijacking attacks out of 41samples. The platform successfully prevented 90.95%, and detected 7.41% of XSS attacks, out of 243 samples. This platformsuccessfully prevented 81.82% of DDoS attacks out of 11 samples. In phishing detection, Webguard successfully detected92.64% out of 231 samples. Finally, this platform successfully detected 87.88% of malware out of 33 samples. Therefore,WebGuard promotes a safer online environment and makes secure development easier for programmers by combining thesefeatures in one location.