Wasp

Published on January 2017

1. INTRODUCTION

Many software systems have evolved to include a Web-based component that makes them available to the public via the Internet and can expose them to a variety of Web-based attacks. SQL Injection Attacks (SQLIAs) are one of the most significant of such threats. SQLIAs have become increasingly frequent and pose very serious security risks because they can give attackers unrestricted access to the databases that underlie Web applications. We need to prevent such attacks and protect the underlying database.
We use two techniques. The first, positive tainting, is based on the identification, marking, and tracking of trusted, rather than untrusted, data. The second is syntax-aware evaluation, which allows both trusted and untrusted data to flow into a query as long as the untrusted data cannot cause an SQL injection. The key feature of syntax-aware evaluation is that it considers the context in which trusted and untrusted data is used, to make sure that all parts of a query other than string or numeric literals consist only of trusted characters. As long as untrusted data is confined to literals, we are guaranteed that no SQLIA can be performed. We have implemented our techniques in the tool Web Application SQL Injection Preventor (WASP). WASP was able to stop all of the otherwise successful attacks and did not generate any false positives.

2. OBJECTIVE OF THE PROJECT

2.1 SCOPE

The objective of this series is to introduce Oracle users to some of the dangers of SQL injection and to suggest some simple ways of protecting against these types of attack. SQL injection techniques are an increasingly dangerous threat to the security of information stored in Oracle databases.

2.2 EXISTING SYSTEM

• SQL Injection Attacks (SQLIAs) are one of the most significant of such threats. SQLIAs have become increasingly frequent and pose very serious security risks because they can give attackers unrestricted access to the databases that underlie Web applications.
• Inadequate input validation can enable attackers to gain complete access to such databases. One way in which this happens is that attackers submit input strings that contain specially encoded database commands. When the Web application builds a query using these strings and submits the query to its underlying database, the attacker's embedded commands are executed by the database and the attack succeeds.
• If user input is not properly validated, attackers may be able to change the developer's intended SQL command by inserting new SQL keywords or operators through specially crafted input strings.

2.3 PROPOSED SYSTEM

• The general mechanism that we use to implement this approach is based on dynamic tainting, which marks and tracks certain data in a program at runtime.
• Syntax-aware evaluation lets us address security problems that derive from mixing data and code while still allowing this mixing to occur. It gives developers a mechanism for regulating the usage of string data based not only on its source but also on its syntactic role in a query string.
• The first conceptual advantage of our approach is the use of positive tainting. Positive tainting identifies and tracks trusted data.
• In Web applications, sources of trusted data can be identified more easily and accurately than untrusted data sources. Therefore, the use of positive tainting leads to increased automation.
• The practical advantages of our approach are that it imposes a low overhead on the application and has minimal deployment requirements. Efficiency is achieved by using a specialized library, called MetaStrings, that accurately and efficiently assigns and tracks trust markings at runtime.

2.4 ALGORITHM & EXPLANATION

2.4.1 Use-case specification: <Positive Tainting>

Brief Description
This use case tracks and identifies the trusted data in the Web application.
Basic Flow
This use case begins when a user enters the system by providing their username and password.
Alternative Flows
<Invalid flow> If no valid details are provided, an error message is shown.
Pre Conditions
The user should log in by providing their details.
Post Conditions
If the use case completes successfully, the customer enters the system.

2.4.2 Use-case specification: <Character Level Tainting>

Brief Description
In this use case we track taint information at the character level rather than at the string level.
Basic Flow
This use case begins when a query string is provided. We track taint information at the character level rather than at the string level because, when building SQL queries, strings are constantly broken into substrings, manipulated, and combined.
Alternative Flows
<Invalid flow> If the string initializer is not invoked, the module will not check for character-level tainting.
Pre Conditions
The Character Level Tainting module should be selected.
Post Conditions
If the use case completes successfully, the type of injection will be identified.

2.4.3 Use-case specification: <Syntax Aware Evaluation>

Brief Description
Syntax-aware evaluation considers the context in which trusted and untrusted data is used, to make sure that all parts of a query other than string or numeric literals (for example, SQL keywords and operators) consist only of trusted characters.
Basic Flow
This use case is performed immediately before the query is executed.
Alternative Flows
<Invalid flow> The metadata library should be initialized along with this module.
Pre Conditions
The Syntax Aware Evaluation module should be selected.
Post Conditions
If the use case completes successfully, the injected query will be identified.

2.5 TECHNOLOGIES

JAVA

Java technology is both a programming language and a platform.

The Java Programming Language

The Java programming language, developed at Sun Microsystems under the guidance of Net luminaries James Gosling and Bill Joy, is designed to be a machine-independent programming language that is both safe enough to traverse networks and powerful enough to replace native executable code. The Java programming language is a high-level language that can be characterized by all of the following buzzwords:

• Simple
• Architecture neutral
• Object oriented
• Portable
• Distributed
• High performance
• Interpreted
• Robust
• Secure
• Multithreaded
• Dynamic

With most programming languages, you either compile or interpret a program so that you can run it on your computer. The Java programming language is unusual in that a program is both compiled and interpreted. With the compiler, you first translate a program into an intermediate language called Java bytecodes, the platform-independent codes interpreted by the interpreter on the Java platform. The interpreter parses and runs each Java bytecode instruction on the computer. Compilation happens just once; interpretation occurs each time the program is executed. The following figure illustrates how this works.

We can think of Java bytecode as the machine code instructions for the Java Virtual Machine (Java VM). Every Java interpreter, whether it's a development tool or a Web browser that can run applets, is an implementation of the Java VM. Java bytecode helps make "write once, run anywhere" possible. You can compile your program into bytecode on any platform that has a Java compiler. The bytecode can then be run on any implementation of the Java VM. That means that as long as a computer has a Java VM, the same program written in the Java programming language can run on Windows 2000, a Solaris workstation, or an iMac.

The Java Platform

A platform is the hardware or software environment in which a program runs. We've already mentioned some of the most popular platforms like Windows 2000, Linux, Solaris, and MacOS. Most platforms can be described as a combination of the operating system and hardware. The Java platform differs from most other platforms in that it's a software-only platform that runs on top of other hardware-based platforms. The Java platform has two components:

• The Java Virtual Machine (Java VM)
• The Java Application Programming Interface (Java API)

A Virtual Machine

Java is both a compiled and an interpreted language. Java source code is turned into simple binary instructions, much like ordinary microprocessor machine code. However, whereas C or C++ source is refined to native instructions for a particular model of processor, Java source is compiled into a universal format: instructions for a virtual machine. Compiled Java bytecode, also called J-code, is executed by a Java runtime interpreter. The runtime system performs all the normal activities of a real processor, but it does so in a safe, virtual environment. It executes the stack-based instruction set and manages a storage heap. It creates and manipulates primitive data types, and loads and invokes newly referenced blocks of code. Most importantly, it does all this in accordance with a strictly defined open specification that can be implemented by anyone who wants to produce a Java-compliant virtual machine. Together, the virtual machine and language definition provide a complete specification. There are no features of Java left undefined or implementation-dependent. For example, Java specifies the sizes of all its primitive data types, rather than leaving it up to each implementation. The Java interpreter is relatively lightweight and small; it can be implemented in whatever form is desirable for a particular platform. On most systems, the interpreter is written in a fast, natively compiled language like C or C++. The interpreter can be run as a separate application, or it can be embedded in another piece of software, such as a web browser. All of this means that Java code is implicitly portable. The same Java application bytecode can run on any platform that provides a Java runtime environment, as shown in Figure 1.1. You don't have to produce alternative versions of your application for different platforms, and you don't have to distribute source code to end users.

The Java Runtime Environment

The fundamental unit of Java code is the class. As in other object-oriented languages, classes are application components that hold executable code and data. Compiled Java classes are distributed in a universal binary format that contains Java bytecode and other class information. Classes can be maintained discretely and stored in files or archives on a local system or on a network server. Classes are located and loaded dynamically at runtime, as they are needed by an application.

The Java API is a large collection of ready-made software components that provide many useful capabilities, such as graphical user interface (GUI) widgets. The Java API is grouped into libraries of related classes and interfaces; these libraries are known as packages. The next section, What Can Java Technology Do?, highlights what functionality some of the packages in the Java API provide. The following figure depicts a program that's running on the Java platform. As the figure shows, the Java API and the virtual machine insulate the program from the hardware.

Native code is code that, after you compile it, runs on a specific hardware platform. As a platform-independent environment, the Java platform can be a bit slower than native code. However, smart compilers, well-tuned interpreters, and just-in-time bytecode compilers can bring performance close to that of native code without threatening portability.

What Can Java Technology Do?

The most common types of programs written in the Java programming language are applets and applications. If you've surfed the Web, you're probably already familiar with applets. An applet is a program that adheres to certain conventions that allow it to run within a Java-enabled browser. However, the Java programming language is not just for writing cute, entertaining applets for the Web. The general-purpose, high-level Java programming language is also a powerful software platform. Using the generous API, you can write many types of programs. An application is a standalone program that runs directly on the Java platform. A special kind of application known as a server serves and supports clients on a network. Examples of servers are Web servers, proxy servers, mail servers, and print servers. Another specialized program is a servlet. A servlet can almost be thought of as an applet that runs on the server side. Java Servlets are a popular choice for building interactive Web applications, replacing the use of CGI scripts. Servlets are similar to applets in that they are runtime extensions of applications. Instead of working in browsers, though, servlets run within Java Web servers, configuring or tailoring the server. How does the API support all these kinds of programs? It does so with packages of software components that provide a wide range of functionality. Every full implementation of the Java platform gives you the following features:
• The essentials: Objects, strings, threads, numbers, input and output, data structures, system properties, date and time, and so on.
• Applets: The set of conventions used by applets.
• Networking: URLs, TCP (Transmission Control Protocol), UDP (User Datagram Protocol) sockets, and IP (Internet Protocol) addresses.
• Internationalization: Help for writing programs that can be localized for users worldwide. Programs can automatically adapt to specific locales and be displayed in the appropriate language.
• Security: Both low level and high level, including electronic signatures, public and private key management, access control, and certificates.
• Software components: Known as JavaBeans, can plug into existing component architectures.
• Object serialization: Allows lightweight persistence and communication via Remote Method Invocation (RMI).
• Java Database Connectivity (JDBC): Provides uniform access to a wide range of relational databases.

The Java platform also has APIs for 2D and 3D graphics, accessibility, servers, collaboration, telephony, speech, animation, and more. The following figure depicts what is included in the Java 2 SDK.

How Will Java Technology Change My Life?

We can't promise you fame, fortune, or even a job if you learn the Java programming language. Still, it is likely to make your programs better and require less effort than other languages. We believe that Java technology will help you do the following:

• Get started quickly: Although the Java programming language is a powerful object-oriented language, it's easy to learn, especially for programmers already familiar with C or C++.
• Write less code: Comparisons of program metrics (class counts, method counts, and so on) suggest that a program written in the Java programming language can be four times smaller than the same program in C++.
• Write better code: The Java programming language encourages good coding practices, and its garbage collection helps you avoid memory leaks. Its object orientation, its JavaBeans component architecture, and its wide-ranging, easily extendible API let you reuse other people's tested code and introduce fewer bugs.
• Develop programs more quickly: Your development time may be as much as twice as fast as writing the same program in C++. Why? You write fewer lines of code, and Java is a simpler programming language than C++.
• Avoid platform dependencies with 100% Pure Java: You can keep your program portable by avoiding the use of libraries written in other languages. The 100% Pure Java Product Certification Program has a repository of historical process manuals, white papers, brochures, and similar materials online.
• Write once, run anywhere: Because 100% Pure Java programs are compiled into machine-independent bytecodes, they run consistently on any Java platform.
• Distribute software more easily: You can upgrade applets easily from a central server. Applets take advantage of the feature of allowing new classes to be loaded "on the fly," without recompiling the entire program.

The Java development team, which included Patrick Naughton, discovered that existing languages like C and C++ had limitations in terms of both reliability and portability. The Java language was therefore modeled on C and C++, but removed a number of features of C and C++ that were considered sources of problems, and thus made Java a really simple, reliable, portable and powerful language.

Specifically, this overview includes a bit of the history of the Java platform, a touch of the Java programming language, and the ways in which people are using Java applications and applets, now and in the likely future. After going a while down the path of consumer-electronics devices, they realized that they had something particularly cool in the Java language and focused on it as a language for network computing. Sun formed the JavaSoft group, which in a little over three years has grown to over six hundred people working on Java-related technologies.

Features of JAVA:

Platform Independent: Changes and upgrades in operating systems, processors and system resources will not force any change in Java programs. This is the reason why Java has become a popular language for programming on the Internet.

Portable: Java ensures portability in two ways. First, the Java compiler generates bytecode instructions that can be implemented on any machine. Secondly, the size of the primitive data types is machine independent.

Object oriented: Java is a true object-oriented language. Almost everything in Java is an object. All program code and data must reside within objects and classes. Java comes with an extensive set of classes, arranged in packages, that we can use in our programs by inheritance. The object model in Java is simple and easy to extend.

Distributed: Java is designed as a distributed language for creating applications on networks. It has the ability to share both data and programs.

Dynamic: Java is a dynamic language. Java is capable of dynamically linking new classes, libraries, methods and objects.

Secure: Since Java supports applets, which are programs that are transferred over the Internet, a security threat may arise. Java overcomes this problem by confining applets to the runtime package or JVM, and thus prevents infections and malicious content.

Robust: Java is said to be robust in two ways:
1. Java allocates and de-allocates its dynamic memory on its own.
2. Java provides exception handling.

Multithreaded: Java supports multithreaded programs, which allow you to write programs that do many things simultaneously. This is used in interactive network programs.

Interpreted: The bytecode is interpreted by the JVM. Even though interpreted, Java provides high performance: the bytecode generated by the Java compiler can be translated to native machine code by the Just In Time (JIT) compiler in Java.

JAVA Components:
• Swing
• JFrame
• JFileChooser
• JScrollPane
• Image
• MediaTracker
• StringTokenizer
• BufferedImage
• Container

Swing: Swing is a set of classes that provides more powerful and flexible components than are possible with AWT, and hence we adopted Swing. In addition to normal components such as buttons, check boxes and labels, Swing includes tabbed panes, scroll panes, trees and tables. It provides more facilities than the normal AWT components.

JFrame: Like AWT's Frame class, the JFrame class can generate events when things happen to the window, such as the window being closed, activated, iconified or opened. These events can be sent to a WindowListener if one is registered with the frame.

JFileChooser: It provides a simple mechanism for the user to choose a file. Here it points to the user's default directory. It includes the following methods:
showDialog: Pops up a custom file chooser dialog with a custom approve button.
setDialogType: Sets the type of this dialog. Use the open dialog when we want to bring up a file chooser that the user can use to open a file. Use the save dialog for letting the user choose a file for saving.
setDialogTitle: Sets the given string as the title of the JFileChooser window.

JScrollPane: Encapsulates a scrollable window. It is a component that represents a rectangular area in which a component may be viewed. It provides horizontal and vertical scrollbars if necessary.

Image: The Image class and the java.awt.image package together provide support for imaging, both for the display and for the manipulation of Web design images. Images are objects of the Image class, and they are manipulated using the classes found in the java.awt.image package.

MediaTracker: Many early Java developers found the ImageObserver interface far too difficult to understand and manage when there were multiple images to be loaded. So the developer community asked for a simpler solution that would allow programmers to load all of their images synchronously. In response to this, Sun Microsystems added a class to AWT called MediaTracker. A MediaTracker is an object that will check the status of an arbitrary number of images in parallel. Its addImage method is used to track the loading status of an image.

StringTokenizer: The processing of text often consists of parsing a formatted input string. Parsing is the division of the text into a set of discrete parts, or tokens, which in a certain sequence can convey a semantic meaning. StringTokenizer provides the first step in this parsing process, often called the lexer or scanner. StringTokenizer implements the Enumeration interface. Therefore, given an input string, we can enumerate the individual tokens contained in it using StringTokenizer.

BufferedImage: In previous versions of Java, it was very difficult to manipulate images on a pixel-by-pixel basis. We had to either create an image filter to modify the pixels as they came through the filter, or make a pixel grabber to grab an image and then create a MemoryImageSource to turn the array of pixels into an image. The BufferedImage class provides a quick, convenient shortcut by providing an image whose pixels can be manipulated directly.

SOFTWARE ANALYSIS

3. SYSTEM REQUIREMENTS

3.1 Hardware requirements

PROCESSOR : Pentium-IV 2.4 GHz or higher configuration
RAM : 256MB
HARD DISK : 10.2GB

3.2 Software requirements

Operating System : Windows 2000 or above.
Pages developed using : Java Server Pages and HTML.
Techniques : Apache Tomcat Web Server 5.0, JDK 1.5 or higher
Web Browser : Microsoft Internet Explorer.
Data Bases : SQL-Server 2005 or Ms-Access.
Client Side Scripting : Java Script

SYSTEM DESIGN

4. DESIGN

4.1 SYSTEM ARCHITECTURE

MODULE DESCRIPTION
• Positive Tainting
• Character-level tainting
• Syntax aware
• Online Banking
  • Admin
  • Customer
  • Credit Card

POSITIVE TAINTING

Positive tainting differs from traditional tainting because it is based on the identification, marking, and tracking of trusted, rather than untrusted, data. This conceptual difference has significant implications for the effectiveness of our approach, in that it helps address problems caused by incompleteness in the identification of relevant data to be marked. Incompleteness, which is one of the major challenges when implementing security based on dynamic tainting, has very different consequences in negative and positive tainting. In the case of negative tainting, incompleteness leads to trusting data that should not be trusted and, ultimately, to false negatives.

CHARACTER-LEVEL TAINTING

We track taint information at the character level rather than at the string level. We do this because, for building SQL queries, strings are constantly broken into substrings, manipulated, and combined. By associating taint information with single characters, our approach can precisely model the effect of these string operations. Another alternative would be to trace taint data at the bit level, which would allow us to account for situations where string data are manipulated as character values using bitwise operators. However, operating at the bit level would make the approach considerably more expensive and complex to implement and deploy. Most importantly, our experience with Web applications shows that working at a finer level of granularity than a character would not yield any benefit in terms of effectiveness. Strings are typically manipulated using methods provided by string library classes, and we have not encountered any case of query strings that are manipulated at the bit level.

Accounting for string manipulations. To accurately maintain character-level taint information, we must identify all relevant string operations and account for their effect on the taint markings. Our approach achieves this goal by taking advantage of the encapsulation offered by object-oriented languages, in particular by Java, in which all string manipulations are performed using a small set of classes and methods. Our approach extends all such classes and methods by adding functionality to update taint markings based on the method's semantics.

SYNTAX AWARE

The key feature of syntax-aware evaluation is that it considers the context in which trusted and untrusted data is used to make sure that all parts of a query other than string or numeric literals (for example, SQL keywords and operators) consist only of trusted characters. As long as untrusted data is confined to literals, we are guaranteed that no SQLIA can be performed. Our technique performs syntax-aware evaluation of a query string immediately before the string is sent to the database to be executed. To evaluate the query string, the technique first uses a SQL parser to break the string into a sequence of tokens that correspond to SQL keywords, operators, and literals. The technique then iterates through the tokens and checks whether tokens (that is, substrings) other than literals contain only trusted data. If all such tokens pass this check, the query is considered safe and is allowed to execute. If an attack is detected, a developer-specified action can be invoked.
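The following is an added Python model (not the project's Java MetaStrings code) of the two mechanisms described in the use cases of 2.4 and in the CHARACTER-LEVEL TAINTING and SYNTAX AWARE paragraphs above: per-character trust markings that survive concatenation and trimming, and a check run just before execution that tolerates untrusted characters only inside string and numeric literals. The `accounts` table, its column names and the sample inputs are constructed for the illustration.

```python
"""Model of WASP-style positive tainting plus syntax-aware evaluation."""
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class MetaString:
    """A string carrying one trust flag per character (True = trusted)."""
    text: str
    trust: tuple

    @classmethod
    def trusted(cls, text):
        # Positive tainting: only data from a known trusted source (here the
        # developer's hard-coded query fragments) receives a trust marking.
        return cls(text, (True,) * len(text))

    @classmethod
    def untrusted(cls, text):
        # Everything else (HTTP parameters, cookies, ...) stays unmarked.
        return cls(text, (False,) * len(text))

    def __add__(self, other):
        # Concatenation carries each character's marking along with it.
        return MetaString(self.text + other.text, self.trust + other.trust)

    def substring(self, start, end=None):
        end = len(self.text) if end is None else end
        return MetaString(self.text[start:end], self.trust[start:end])

    def strip(self):
        # Character-level tracking keeps markings aligned after trimming.
        start = len(self.text) - len(self.text.lstrip())
        return self.substring(start, start + len(self.text.strip()))


# Lexer for the small SQL subset used by the constructed banking queries.
_TOKEN = re.compile(r"""
      (?P<string>'(?:[^']|'')*')   # string literal; '' is an escaped quote
    | (?P<number>\d+(?:\.\d+)?)      # numeric literal
    | (?P<comment>--[^\n]*)          # comment running to end of line
    | (?P<word>[A-Za-z_]\w*)         # SQL keyword or identifier
    | (?P<space>\s+)
    | (?P<op>.)                      # any other single character
""", re.VERBOSE | re.DOTALL)


def tokenize(query):
    """Split a MetaString query into (kind, MetaString) tokens, no whitespace."""
    return [(m.lastgroup, query.substring(m.start(), m.end()))
            for m in _TOKEN.finditer(query.text) if m.lastgroup != "space"]


def syntax_aware_check(query):
    """Return the texts of non-literal tokens that contain untrusted characters."""
    # Literals may hold untrusted data; keywords, identifiers, operators and
    # comments must be built entirely from trusted characters.
    return [tok.text for kind, tok in tokenize(query)
            if kind not in ("string", "number") and not all(tok.trust)]


def build_login_query(account, password):
    """Application code: the template is trusted, the two inputs are not."""
    return (MetaString.trusted("SELECT * FROM accounts WHERE acc_no='")
            + MetaString.untrusted(account).strip()
            + MetaString.trusted("' AND pin='")
            + MetaString.untrusted(password)
            + MetaString.trusted("'"))


def build_balance_query(account):
    """Numeric-literal variant: the account number is used unquoted."""
    return (MetaString.trusted("SELECT balance FROM accounts WHERE acc_no=")
            + MetaString.untrusted(account).strip())


def guarded_execute(query):
    """Run the check right before the query would reach the database."""
    violations = syntax_aware_check(query)
    if violations:
        # Developer-specified action on detection: refuse and report tokens.
        return "blocked", violations
    return "executed", query.text   # would be handed to the JDBC driver here


if __name__ == "__main__":
    print(guarded_execute(build_login_query(" 1001 ", "s3cret")))
    print(guarded_execute(build_login_query("1001", "' OR 1=1 --")))
    print(guarded_execute(build_balance_query("1001")))
    print(guarded_execute(build_balance_query("1001 OR 1=1")))
```

The second and fourth calls are blocked because the untrusted input contributes a keyword and an operator rather than staying inside a literal, while a stray quote in benign input merely lands in a literal and passes.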

ADMIN LOGIN To access our site ever person must login in that page it have account number and password .the admin must enter his account number and password that values is checked in the data base whether the give values in correct if the give value is correct means is show the next page other wise it return to login page with error message (Invalid account number and password). This is normal procedure but the user can login with out his password by injecting the SQL Query so to solve this problem we develop the tool (WASP) to find the user input is valid data or not. That tool contain a technique is positive tainting and syntaxawareness .it check wither the inputs is injected the present query or not .If the present value is inject the query means that tool doesn’t send the data To the SQL Query .if the data is good means it send the data to the database through the SQL Query . To invoke the WASP tool the user want to click any one of radio button in the login page. Once you click it check’s full project

26

After the admin login success admin have the sub modules .in our project we checked all the data’s whether the give data is correct or not then we send the data to the database. NEW REGISTRATION After the admin login successfully the first sub modules is registration module. In this module admin enter the new user details ie.name, address, occupation, type of account… account number, pin number and amount. By the use of the account number and pin only customer login in his module. Before the data insert into data bases it check whether the account is available or not then it insert the data. Before the given values going to the query the WASP tool check whether the given data is injecting the present query or not .if it injected the query it not send the value to data base and return to the same page with message your value is invalid. TRANSACTION This is the second module of admin module in this admin can view only the transaction details .in that page it shows user details that’s are sender name, data and time, reciver name, account number, amount you send it. CUSTOMER DETAILS This is the third module of the admin in this module in show the customer details. This module is use to edit some details of the particular customer. In this module it show all the customer details who are all in our bank when you want to delete or edit the particular customer details click his name and it show the all the details of the that

27

customer admin go and edit the particular field which we want to edit and press the update button. To delete the customer details select the customer name, which you want to delete and press the delete option it, delete the full detail of the customer. Before the given values going to the query the WASP tool check whether the given data is injecting the present query or not .if it injected the query it not send the value to data base and return to the same page with message your value is invalid. CUSTOMER This module customer can view his details and change the password and send the amount to another account. To process this he/she must login by his account number and password. This module has two sub-modules. 2.5.2.1 Login 2.5.2.2 Customer details 2.5.2.3 Transaction LOGIN To access our site ever person must login in that page it have account number and password .The customer must enter his account number and password that values is checked in the data base whether the give values in correct if the give value is correct means is show the next page other wise it return to login page with error message (Invalid account number and password). This is normal procedure but the user can login with out his password by injecting the Sqlquery so to solve this problem we develop the tool (WASP) to find the user input is valid data or not. That tool contain a technique is positive

28

tainting and syntax-awareness .it check wither the inputs is injected the present query or not .If the present value is inject the query means that tool doesn’t send the data To the SQL Query .if the data is good means it send the data to the database through the sqlquery. To invoke the WASP tool the user wants to click any one of radio button in the login page. Once you click it check’s full project After the customer login success admin have the sub modules .in our project we checked all the data’s whether the give data is correct or not then we send the data to the database. CUSTOMER DETAILS This is the first module of the customer in this module customer can change his password of his account because admin only create his account and pin number it was known to the admin in not safe so we want to change the pin number .the customer can have access to change it pin number only. Before the value going to sqlquery the WASP tool check each given data is good or not i.e. whether it injected the present query or not. TRANSACTION In this module the customer can send the amount from his account to another account if that sending amount is available or not .to send the amount the customer must login and move to the transaction module and type the account number and amount which we want to send and press the enter button. Before the value send to the database the

29

WASP tool invoke and check the given data is injected the present SQLQuery or not. Then only it was send to database.

CREDIT CARD Login in: To access our site ever person must login in that page it have account number and password .the customer must enter his account number and password that values is checked in the data base weather the give values in correct if the give value is correct means is show the next page other wise it return to login page with error message (Invalid account number and password ) .This is normal procedure but the user can login with out his password by injecting the Sqlquery so to solve this problem we develop the tool(WASP) to find the user input is valid data or not .that tool contain a technique is positive tainting and syntax-awareness .it check wither the inputs is injected the present query or not .If the present value is inject the query means that tool doesn’t send the data To the SQL Query .if the data is good means it send the data to the database through the SQL Query. To invoke the WASP tool the user wants to click any one of radio button in the login page .once you click it check’s full project. In this module customer can bay the bill to his due by login in this credit card account, it have one sub-module. Bill credit:


After the customer logs in successfully, the sub-module is shown. The customer can pay his bills through his card; in our project there are two options, an electric bill and a cell phone bill. Clicking a bill link shows the current account balance; the customer can then pay the bill, and the amount is deducted from his account. Before the submitted values go to the query, the WASP tool checks whether they inject into the current query. If they do, the value is not sent to the database and the user is returned to the same page with the message "your value is invalid".
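As an added example (not the project's own code, which is Java/JSP), the login and bill-credit steps described above, written against an in-memory SQLite table with a few constructed rows. It shows the concatenated login query that the modules above guard, the bypass a user can perform on it without knowing the password, and the bound-parameter form of the same query, in which the input can only ever be a value. The table and column names and the helper names are assumptions of the example.

```python
import sqlite3

# Constructed stand-in for the project's customer table: account number,
# password, balance. Rows are made up for the example (not the project's data).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customer (accnumber TEXT PRIMARY KEY, "
                 "password TEXT, balance INTEGER)")
    conn.executemany("INSERT INTO customer VALUES (?, ?, ?)",
                     [("1001", "s3cret", 500), ("1002", "hunter2", 50)])
    conn.commit()
    return conn

def login_vulnerable(conn, accnumber, password):
    """Login check built by string concatenation, as on the unguarded login
    page. Returns the matched account number, or None on failure."""
    query = ("SELECT accnumber FROM customer WHERE accnumber = '" + accnumber
             + "' AND password = '" + password + "'")
    row = conn.execute(query).fetchone()
    return row[0] if row else None

def login_parameterized(conn, accnumber, password):
    """Same check with bound parameters: whatever the user types is handed to
    the database as a value, so it can never become keywords or operators."""
    row = conn.execute(
        "SELECT accnumber FROM customer WHERE accnumber = ? AND password = ?",
        (accnumber, password)).fetchone()
    return row[0] if row else None

def pay_bill(conn, accnumber, bill_kind, amount):
    """Bill-credit step: debit the account only if the balance covers the
    amount. The balance test sits inside the UPDATE so that two concurrent
    payments cannot overdraw the account. Returns True when the debit happened."""
    if bill_kind not in ("electric", "cell phone"):
        raise ValueError("unknown bill kind")
    if not isinstance(amount, int) or amount <= 0:
        raise ValueError("amount must be a positive integer")
    cur = conn.execute(
        "UPDATE customer SET balance = balance - ? "
        "WHERE accnumber = ? AND balance >= ?",
        (amount, accnumber, amount))
    conn.commit()
    return cur.rowcount == 1

def balance(conn, accnumber):
    row = conn.execute("SELECT balance FROM customer WHERE accnumber = ?",
                       (accnumber,)).fetchone()
    return row[0] if row else None

if __name__ == "__main__":
    db = make_db()
    # A normal login succeeds either way.
    print(login_vulnerable(db, "1001", "s3cret"),
          login_parameterized(db, "1001", "s3cret"))
    # The classic bypass: the comment removes the password test from the
    # concatenated query, but stays an ordinary (wrong) value when bound.
    print(login_vulnerable(db, "1001' --", "wrong"))
    print(login_parameterized(db, "1001' --", "wrong"))
```

The bypass works because the quote the attacker supplies closes the literal the program opened, and the rest of the input is parsed as SQL; with bound parameters the database never parses the input at all, which is the same property the tool described above enforces on concatenated queries.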


5. UML DIAGRAMS

Unified Modeling Language Diagrams
• The Unified Modeling Language allows the software engineer to express an analysis model using a modeling notation that is governed by a set of syntactic, semantic and pragmatic rules.
• A UML system is represented using five different views that describe the system from distinctly different perspectives. Each view is defined by a set of diagrams, as follows.
User Model View
 This view represents the system from the user's perspective.
 The analysis representation describes a usage scenario from the end user's perspective.
Structural Model View
 In this view the data and functionality are modeled from inside the system.
 This view models the static structures.
Behavioral Model View
 It represents the dynamic or behavioral aspects of the system, depicting the interactions and collaborations between the various structural elements described in the user model and structural model views.
Implementation Model View
 In this view the structural and behavioral aspects of the system are represented as they are to be built.
Environmental Model View


 In this view the structural and behavioral aspects of the environment in which the system is to be implemented are represented.
UML modeling is organized in two domains:
 UML analysis modeling, which focuses on the user model and structural model views of the system.
 UML design modeling, which focuses on the behavioral model, implementation model and environmental model views.

Diagrams overview: UML has 14 types of diagrams divided into two categories. Seven diagram types represent structural information, and the other seven represent general types of behavior, including four that represent different aspects of interactions.


CLASS DIAGRAM
Identification of analysis classes: A class is a set of objects that share a common structure and common behavior (the same attributes, operations, relationships and semantics). A class is an abstraction of real-world items.

Class diagram (figure; classes and their members as labelled):
- Credit Card: Accnumber(), Password()
- CreditProcess: Bill process()
- Customer Login Database: Accnumber(), password(), customer check(), update(), delete(), insert()
- CustomerHome: User details(), Transaction()
- Admin Home: Registration(), transaction(), customer details(), Amount credit()
- Admin: username(), password()
Associations labelled in the figure: credit, customer, admin.

USECASE DIAGRAM


A use case in software engineering and systems engineering is a description of a system's behavior as it responds to a request that originates from outside of that system. In other words, a use case describes "who" can do "what" with the system in question. The use case technique is used to capture a system's behavioral requirements by detailing scenario-driven threads through the functional requirements.


SEQUENCE DIAGRAM A sequence diagram is a graphical view of a scenario that shows object interaction in a time-based sequence what happens first, what happens next. Sequence diagrams establish the roles of objects and help provide essential information to determine class responsibilities and interfaces.

Sequence diagram (figure; login flow): the admin enters login details, which pass through login, wasp and database. If the input is not injected, the account number and password are checked; if it is injected, the result is "invalid account number password".


COMPONENT DIAGRAM The different high-level reusable parts of a system are represented in a Component diagram. A component is one such constituent part of a system. In addition to representing the high-level parts, the Component diagram also captures the inter-relationships between these parts.


DEPLOYMENT DIAGRAM
Deployment diagrams depict the physical resources in a system, including nodes, components, and connections, using the basic deployment diagram symbols and notations.


IMPLEMENTATION


Implementation is the process of converting a new or revised system into an operational one. The designed system is converted into an operational one using a programming language. The project "SECURING WEB APPLICATIONS USING WASP" is implemented using JAVA and JSP.

PROBLEMS FACED AND LESSONS LEARNT
There are some problems that I came across during the software development life cycle. This is the stage where I confirm whether the project has achieved its ultimate goal or not. I faced problems mostly in the testing phase. Testing encompasses a set of activities that were conducted systematically, beginning at the module level and working outward towards the integration of the entire system. The purpose of testing is to identify the various bugs and to fix them. For each and every module there were some problems during implementation and testing. It took some time to solve the problems, but the coding techniques helped to solve them. The lessons learnt from the problems and from solving them are what ultimately lead to satisfying quality factors such as correctness, reliability, efficiency, usability, maintainability, portability, accuracy, error tolerance and expandability.


6. TESTING

Testing objectives
# Testing is a process of executing a program with the intent of finding an error.
# A good test has a high probability of finding an as yet undiscovered error.
# A successful test is one that uncovers an as yet undiscovered error.
The objective is to design tests that systematically uncover different classes of errors and do so with a minimum amount of time and effort. Testing cannot show the absence of defects; it can only show that software defects are present.

1. Unit Testing
Purpose: Unit testing focuses verification effort on the smallest unit of software design. Each of the modules in this project was verified individually for errors. The goal of this test is to verify and validate proper data handling.
Interface
# Number of input parameters should be equal to the number of arguments
# Parameter and argument attributes must match
# Parameters passed should be in the correct order
# Global variable definitions consistent across modules

If the module does I/O:
* File attributes should be correct
* Open/close statements must be correct
* Format specifications should match I/O statements
* Buffer size should match record size
* Files should be opened before use
* End-of-file condition should be handled
* I/O errors should be handled
* Any textual errors in output information must be checked
Local Data Structures (a common source of errors!)
# Improper or inconsistent typing
# Erroneous initialization or default values
# Incorrect variable names
# Inconsistent data types
# Overflow, underflow, address exceptions

Boundary conditions and independent paths
Error Handling
# Error description unintelligible
# Error noted does not correspond to the error encountered
# Error condition handled by the system run-time before the error handler gets control
# Exception condition processing incorrect

2. Integration Testing
Purpose: Integration testing is a systematic technique for constructing the program structure while at the same time conducting tests to uncover errors associated with interfacing. The unit-tested modules were taken, the program structure specified in the design was built, and testing was carried out.
Top-down integration: Modules are integrated by moving down the program design hierarchy, using either depth-first or breadth-first top-down integration. This verifies major control and decision points early in the design process, and the top-level structure is tested most. Depth-first implementation allows a complete function to be implemented, tested and demonstrated, so critical functions can be implemented early. Top-down integration is forced (to some extent) by some development tools in programs with graphical user interfaces.

Bottom-up integration: Bottom-up integration testing, as its name implies, begins construction and testing with atomic modules (lowest-level modules). Because modules are integrated from the bottom up, the processing required for modules subordinate to a given level is always available and the need for stubs is eliminated.

3. Validation Testing
Validation testing aims to demonstrate that the software functions in a manner that can reasonably be expected by the customer. It tests the conformance of the software to the Software Requirements Specification.
Validation test criteria: A set of black-box tests demonstrates conformance with requirements: that all functional requirements are satisfied, all performance requirements are achieved, documentation is correct and 'human-engineered', and other requirements are met (e.g. compatibility, error recovery, and maintainability). When validation tests fail it may be too late to correct the error prior to scheduled delivery, so a method of resolving deficiencies has to be negotiated with the customer.
Configuration review: An audit to ensure that all elements of the software configuration are properly developed and catalogued and have all the necessary detail to support maintenance.

4. Alpha and Beta Testing
It is difficult to anticipate how users will really use software. If there is one customer, a series of acceptance tests is conducted by the customer to validate all requirements. If the software is being developed for use by multiple customers, acceptance testing cannot be used, and alpha and beta testing are used instead to uncover errors. A customer conducts alpha testing at the developer's site: the customer uses the software with the developer 'looking over the shoulder' and recording errors and usage problems, in a controlled environment. Beta testing is conducted at one or more customer sites by end users; it is 'live' testing in an environment not controlled by the developer, and the customer records and reports difficulties and errors at regular intervals.

5. System Testing
Software is only one component of a system. The software is incorporated with the other system components, and system integration and validation tests are performed.

6. Recovery Testing
Many systems need to be fault tolerant: processing faults must not cause overall system failure. Other systems are required to recover after a failure within a specified time. Recovery testing is the forced failure of the software in a variety of ways to verify that recovery is properly performed.

7. Security Testing
Systems with sensitive information, or which have the potential to harm individuals, can be targets for improper or illegal use. This can include:

# attempted penetration of the system by outside individuals for fun or personal gain.
# disgruntled or dishonest employees.
During security testing the tester plays the role of the individual trying to penetrate the system, using a large range of methods:
# Attempt to acquire passwords through external clerical means.
# Use custom software to attack the system.
# Overwhelm the system with requests.
# Cause system errors and attempt to penetrate the system during recovery.
# Browse through insecure data.
Given time and resources, the security of most systems can be breached.

8. Performance Testing
For real-time and embedded systems, functional requirements may be satisfied but performance problems make the system unacceptable. Performance testing checks the runtime performance in the context of the integrated system. It can be coupled with stress testing and may require special software instrumentation.

Testing under the various software development stages
1. Requirements Stage: The requirements documents are tested by disciplined inspection and review, and the test plan is prepared, which should include:
1. Specification
2. Description of test procedures
3. Test milestones
4. Test schedule
5. Test data reduction

6. Evaluation criteria
2. Design Stage: Design products are tested by analysis, simulation, walkthrough and inspection. Test data for functions are generated, and test cases based on the structure of the system are generated.
3. Construction Stage: This stage includes the actual execution of code with test data. Code walkthroughs and inspections are conducted. Static analysis, dynamic analysis, and the construction of test drivers, harnesses and stubs are done. Control and management of the test process is critical: all test sets, test results and test reports should be catalogued and stored.
4. Operation and Maintenance Stage: Modifications to the software require retesting; this is termed regression testing. Changes at a given level will necessitate retesting at all levels below it.

Approaches
There are two basic approaches: 1. Black box or "functional" analysis; 2. White box or "structural" analysis.
1. Functional Testing
 Boundary value analysis (stress testing): the input data is partitioned, and data inside and at the boundary of each partition is tested.
 Design-based functional testing: a functional hierarchy is constructed. For each function at each level, external, non-external and special-value test data are identified, such that they generate external, non-external and special output values.
 Cause-effect graphing:

In this method the characteristic input stimuli (causes) and characteristic output classes (effects) are identified. The dependencies between them are identified from the specification and presented as a directed graph, and test cases are chosen to exercise those dependencies.
2. Structural Testing
 Coverage-based testing: the program is represented as a control-flow graph and its paths are identified. Data are chosen to maximize the paths executed under test conditions. Because the set of paths is not always finite, and some paths are infeasible, coverage metrics are applied.
 Complexity-based testing: the cyclomatic complexity is measured. The paths actually executed by the program running on the test data are identified and the actual complexity is determined. A test set is devised which will drive the actual complexity closer to the cyclomatic complexity.
Test Data Analysis: During test data analysis "the goodness of the test data set" is the major consideration. The techniques that are used include:

Statistical analysis and error seeding: Known errors are seeded into the code so that their placement is statistically similar to that of actual errors.
Mutation analysis: It is assumed that a set of test data that can uncover all simple faults in a program is capable of detecting more complex faults. In mutation analysis a large number of simple faults, called mutations, are introduced into a program one at a time. The resulting changed versions of the program are called mutants. Test data is then constructed to cause these mutants to fail. The effectiveness of the test data set is measured by the percentage of mutants killed.

Test Results: The listed tests were conducted on the software at the various development stages. Unit testing was conducted; the errors were debugged and regression testing was performed. Integration testing will be performed once the system is integrated with other related systems such as Inventory and Budget. Once the design stage was over, black-box and white-box testing were performed on the entire application. The results were analyzed and the appropriate alterations were made. The test results proved positive, and hence the application is feasible and test-approved.

IMPLEMENTATION:
Implementation includes all the activities that take place to convert from the old system to the new one. The new system may be totally new, replacing an existing manual or automated system, or it may be a major modification to an existing system. Proper implementation is essential to provide a reliable system that meets the organizational requirements. Successful implementation does not by itself guarantee improvement in the organization using the new system, and improper installation will prevent any improvement. The implementation phase involves the following tasks:
* Careful planning.
* Investigation of the system and its constraints.
* Design of methods to achieve the changeover.
* Training of staff in the changeover phase.
* Evaluation of the changeover.

7. SCREEN SHOTS

Screens shown in the report: Home page, login, Admin.

8. FUTURE ENHANCEMENT AND CONCLUSION

FUTURE ENHANCEMENT
In this project we detect SQL injection only in the login process; the other processes in the application are not covered, so once a user has signed in he can inject anywhere in the application. We therefore want to check the full application with WASP: before any data goes to a query, each value should be checked with WASP and an injected query found before it reaches the database. Our future work is to check the full application with WASP.

CONCLUSION
This paper presented a novel, highly automated approach for protecting Web applications from SQLIAs. Our approach consists of 1) identifying trusted data sources and marking data coming from these sources as trusted, 2) using dynamic tainting to track trusted data at runtime, and


3) Allowing only trusted data to form the semantically relevant parts of queries such as SQL keywords and operators. Unlike previous approaches based on dynamic tainting, our technique is based on positive tainting, which explicitly identifies trusted (rather than untrusted) data in a program. This way, we eliminate the problem of false negatives that may result from the incomplete identification of all untrusted data sources. False positives, although possible in some cases, can typically be easily eliminated during testing.
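The three steps just listed (marking trusted data at its source, carrying the marks through string operations, and letting only trusted characters form the non-literal parts of a query), as an added example in Python. It is not WASP's own code, which is a Java implementation; its tokenizer is a simplified assumption of the example rather than a database-specific parser, and the names (TString, syntax_aware_check, guard, the table and column names) are the example's own. It applies the check to the login query from the modules section and also to the unquoted amount of a transaction query, i.e. the coverage beyond the login page that the future-enhancement section asks for.

```python
import re

class TString:
    """A string carrying one trust mark per character. Text hard-coded in the
    program is marked trusted at its source; anything from the request is
    untrusted. This is positive tainting: trusted data is what gets identified
    and tracked, so an overlooked input source is untrusted by default."""
    def __init__(self, text, trust):
        self.text = text
        self.trust = trust            # list of bool, one per character
    @classmethod
    def trusted(cls, s):
        return cls(s, [True] * len(s))
    @classmethod
    def untrusted(cls, s):
        return cls(s, [False] * len(s))
    def __add__(self, other):
        # Concatenation propagates the marks character by character.
        return TString(self.text + other.text, self.trust + other.trust)

# Simplified SQL tokenizer (assumption of the example; a deployment would use
# a parser for the target database's dialect). Alternation order matters:
# comments are tried before generic operator runs so "--" is seen as a comment.
TOKEN = re.compile(r"""
      (?P<string>'(?:[^']|'')*')        # string literal, '' is an escaped quote
    | (?P<number>\d+(?:\.\d+)?)         # numeric literal
    | (?P<comment>--[^\n]*|/\*.*?\*/)   # comments change meaning, so they count
    | (?P<space>\s+)
    | (?P<word>[A-Za-z_][A-Za-z0-9_]*)  # keywords and identifiers
    | (?P<op>[^\sA-Za-z0-9_']+)         # operators and punctuation
    | (?P<other>.)                      # anything else, e.g. a stray quote
""", re.X | re.S)

def syntax_aware_check(q):
    """Syntax-aware evaluation. Returns (ok, offending_token). Untrusted
    characters may appear only inside string or numeric literals, and the two
    quotes delimiting a string literal must themselves be trusted: an
    untrusted quote means the input closed (or opened) a literal."""
    pos = 0
    while pos < len(q.text):
        m = TOKEN.match(q.text, pos)
        tok = m.group()
        marks = q.trust[pos:m.end()]
        kind = m.lastgroup
        if kind == "string":
            if not (marks[0] and marks[-1]):
                return False, tok
        elif kind not in ("number", "space") and not all(marks):
            return False, tok
        pos = m.end()
    return True, None

def login_query(accnumber, password):
    """The login page's query, built by concatenation as in the report, but
    with the trust marks carried along."""
    return (TString.trusted("SELECT accnumber FROM customer WHERE accnumber = '")
            + TString.untrusted(accnumber)
            + TString.trusted("' AND password = '")
            + TString.untrusted(password)
            + TString.trusted("'"))

def credit_query(to_account, amount):
    """Transaction module: the amount is spliced in unquoted (numeric context)."""
    return (TString.trusted("UPDATE customer SET balance = balance + ")
            + TString.untrusted(amount)
            + TString.trusted(" WHERE accnumber = '")
            + TString.untrusted(to_account)
            + TString.trusted("'"))

def guard(q):
    """What the tool does just before the query is sent: release the query
    text, or refuse it with the message the pages above show."""
    ok, tok = syntax_aware_check(q)
    if not ok:
        return None, "your value is invalid (untrusted token %r)" % tok
    return q.text, None

if __name__ == "__main__":
    for acc, pw in [("1001", "s3cret"), ("1001", "O''Brien"),
                    ("1001' --", "x"), ("x", "' OR '1'='1")]:
        print(repr((acc, pw)), "->", guard(login_query(acc, pw)))
    print(guard(credit_query("1002", "100; DROP TABLE customer")))
```

Note that a password such as O''Brien passes: an escaped quote inside a literal never becomes a keyword or operator, so the check rejects attacks rather than characters, which is why it produces fewer false positives than a blacklist of quote marks. In the numeric case the `100` is accepted as a literal and the `;` that follows it is the first untrusted non-literal token.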
