An intrusion detection system (IDS) is designed to monitor all inbound and outbound network activity and identify any suspicious patterns that may indicate a network or system attack from someone attempting to break into or compromise a system. An IDS is a passive monitoring system, since the main function of an IDS product is to warn you of suspicious activity taking place, not to prevent it. An IDS essentially reviews your network traffic and data and will identify probes, attacks, exploits and other vulnerabilities. IDSs can respond to a suspicious event in one of several ways, including displaying an alert, logging the event, or even paging an administrator. The proposed protocol, called the Password Guessing Resistant Protocol (PGRP), helps in preventing such attacks and provides a pleasant login experience for legitimate users. PGRP limits the number of login attempts for unknown users to one, and then challenges the unknown user with an Automated Turing Test (ATT). We provide an analysis of various defense mechanisms against web code injection attacks. We see that attack prevention may take place either at the server or at the client side. Our results show that detection is possible with a low false positive rate, and that insider attacks can be prevented by providing a high level of encryption, by using randomly generated questions, and by securing the database by sending an encrypted OTP via mail, after which authentication is done.
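The PGRP rule described above (one attempt for an unknown user, then an ATT), sketched as an added example that is not code from the paper. Assumptions not stated in the text: a source becomes "known" for a username after one successful login, failures from unknown sources are counted per username, known sources get a hypothetical limit of three, and the names `LoginGate`, `attempt` and `att_passed` are illustrative.

```python
import hmac
from dataclasses import dataclass, field

UNKNOWN_LIMIT = 1  # from the text: one attempt for unknown users
KNOWN_LIMIT = 3    # hypothetical value; the text gives no limit for known users

@dataclass
class LoginGate:
    # username -> password; constructed sample data (real systems compare salted hashes)
    credentials: dict
    known: set = field(default_factory=set)       # (source, username) pairs seen in a successful login
    failures: dict = field(default_factory=dict)  # failed-attempt counters

    def attempt(self, source, username, password, att_passed=False):
        is_known = (source, username) in self.known
        # Assumption: unknown sources share one counter per username, so
        # rotating source addresses does not earn extra free guesses.
        key = (source, username) if is_known else username
        limit = KNOWN_LIMIT if is_known else UNKNOWN_LIMIT
        if self.failures.get(key, 0) >= limit and not att_passed:
            return "att_required"  # password is not even checked until the ATT is solved
        expected = self.credentials.get(username)
        if expected is not None and hmac.compare_digest(expected.encode(), password.encode()):
            self.known.add((source, username))
            self.failures.pop(key, None)
            return "granted"
        self.failures[key] = self.failures.get(key, 0) + 1
        return "denied"

def demo():
    """Replay a constructed sequence: two guesses from rotating sources, then the real user."""
    gate = LoginGate({"alice": "correct horse"})
    return [
        gate.attempt("203.0.113.5", "alice", "123456"),           # first guess is checked
        gate.attempt("203.0.113.6", "alice", "password"),         # second guess, new source
        gate.attempt("198.51.100.7", "alice", "correct horse"),   # real user, unknown source
        gate.attempt("198.51.100.7", "alice", "correct horse", att_passed=True),
        gate.attempt("198.51.100.7", "alice", "corect horse"),    # typo from a known source
        gate.attempt("198.51.100.7", "alice", "correct horse"),   # no ATT needed
    ]

if __name__ == "__main__":
    print(demo())
```

The replay shows the cost on both sides: automated guessing stalls at the ATT after a single try, while the legitimate user solves one ATT from a new source and is not challenged again from it.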