检索结果-内蒙古大学图书馆

3rd Information Systems International Conference

作者： Saleh, Ain Zubaidah Mohd Rozali, Nur Amizah Buja, Alya Geogiana Jalil, Kamarularifin Abd. Ali, Fakariah Hani Mohd Rahman, Teh Faradilla Abdul Univ Teknol MARA Shah Alam 40000 Malaysia Univ Teknol MARA Merlimau 77300 Melaka Malaysia Univ Teknol MARA Kuala Selangor 42300 Selangor Malaysia

Internet have become a great medium of communication as it is free, supportive, entertaining and easily for reachable to millions of people today. The usage of Internet among people become higher day by day, thus also increase the number of web application. Nevertheless, most of the web application exists have some vulnerability as there are some irresponsible people known as hacker that able to interrupt the peace of it. Some of well-known web application vulnerabilities are SQL Injection, Buffer Overflow, Cross Site Scripting and Cross Site request Forgery. In order to overcome this vulnerabilities, it is important to detect first the problem before prevent it. At present, there are a lot of web application vulnerabilities scanner that have been proposed by researcher for detecting web application vulnerabilities such as Acunetix WVS by Acunetix, Netsparker by Mavituna Security, w3af by w3af. org and Firefuzzer. However, these scanners have some limitation such as higher false negative although some of it has no false positive. Therefore, this paper proposed a technique aim to solve these issues by developing a detection method for detect the web application vulnerabilities by using Boyer-Moore String Matching Algorithm. Numerous experiments have been conducted in order to evaluate the performance. The result shows that proposed method has performed well in terms of the ability to accurately detect vulnerabilities based on false negative and have no false positive with low processing time. (C) 2015 Published by Elsevier B. V.

关键词： web application vulnerabilities SQL Injection Buffer Overflow Cross-Site Scripting Cross-Site Request Forgery

来源：评论

学校读者我要写书评

暂无评论

Predicting Common web application vulnerabilities from Input Validation and Sanitization Code Patterns 12

Predicting Common Web Application Vulnerabilities from Input...

引用

27th IEEE/ACM International Conference on Automated Software Engineering (ASE)

作者： Shar, Lwin Khin Tan, Hee Beng Kuan Nanyang Technol Univ Sch Elect & Elect Engn Singapore 639798 Singapore

ISBN: (纸本)9781450312042

Software defect prediction studies have shown that defect predictors built from static code attributes are useful and effective. On the other hand, to mitigate the threats posed by common web application vulnerabilities, many vulnerability detection approaches have been proposed. However, finding alternative solutions to address these risks remains an important research problem. As web applications generally adopt input validation and sanitization routines to prevent web security risks, in this paper, we propose a set of static code attributes that represent the characteristics of these routines for predicting the two most common web application vulnerabilities-SQL injection and cross site scripting. In our experiments, vulnerability predictors built from the proposed attributes detected more than 80% of the vulnerabilities in the test subjects at low false alarm rates.

关键词： Defect prediction static code attributes web application vulnerabilities input validation and sanitization empirical study

来源：评论

学校读者我要写书评

暂无评论

A Survey on web application vulnerabilities and Countermeasures

A Survey on Web Application Vulnerabilities and Countermeasu...

引用

6th International Conference on Computer Sciences and Convergence Information Technology (ICCIT)

作者： Atashzar, Hasty Torkaman, Atefeh Bahrololum, Marjan Tadayon, Mohammad H. ICT Research Institute (ITRC) Iran

ISBN: (纸本)9788988678558

Security vulnerabilities continue to infect web applications, allowing attackers to access sensitive data and exploiting legitimate web sites as a hosting ground for malware. Consequently, researchers have focused on various approaches to detect and prevent critical classes of security vulnerabilities in web applications, including anomaly-based and misuse-based detection mechanisms, static and dynamic server-side and client-side web application security policy enforcement. This paper present a survey on web application security aspects includes critical vulnerabilities, hacking tools and also approaches to improve web application and websites security level.

关键词： web application Security web application vulnerabilities Fundamental and Mitigating Solution

来源：评论

学校读者我要写书评

暂无评论

Effect of Coding Styles in Detection of web application vulnerabilities 16

Effect of Coding Styles in Detection of Web Application Vuln...

引用

16th European Dependable Computing Conference (EDCC)

作者： Medeiros, Iberia Neves, Nuno Univ Lisbon Fac Ciencias LASIGE Lisbon Portugal

ISBN: (纸本)9781728189369

web application security has become paramount for the organisation's operation, and therefore, static analysis tools (SAT) for vulnerability detection have been widely researched in the last years. Nevertheless, SATs often generate errors (false positives & negatives), whose cause is recurrently associated with very diverse coding styles, i.e., similar functionality is implemented in distinct manners, and programming practices that create ambiguity, such as the reuse and share of variables. The paper presents an analysis of SAT's behaviour and results when they process various relevant web applications coded with different coding styles. Furthermore, it discusses if the SQL injection vulnerabilities detected by SATs as true positives are really exploitable. Our results demonstrate that SATs are built having in mind how to detect specific vulnerabilities, without considering such forms of programming. They call to action for a new generation of SATs that are highly malleable to be capable of processing the codes observed in the wild.

关键词： web application vulnerabilities static analysis tools coding styles SQLi exploitation software security

来源：评论

学校读者我要写书评

暂无评论

A Method for web application vulnerabilities Detection by Using Boyer-Moore String Matching Algorithm

引用

Procedia Computer Science 2015年 72卷 112-121页

作者： Ain Zubaidah Mohd Saleh Nur Amizah Rozali Alya Geogiana Buja Kamarularifin Abd. Jalil Fakariah Hani Mohd Ali Teh Faradilla Abdul Rahman Universiti Teknologi MARA Shah Alam 40000 Selangor Universiti Teknologi MARA Kampus Jasin Merlimau 77300 Melaka Universiti Teknologi MARA Kampus Puncak Alam Kuala Selangor 42300 Selangor

Internet have become a great medium of communication as it is free, supportive, entertaining and easily for reachable to millions of people today. The usage of Internet among people become higher day by day, thus also increase the number of web application. Nevertheless, most of the web application exists have some vulnerability as there are some irresponsible people known as hacker that able to interrupt the peace of it. Some of well-known web application vulnerabilities are SQL Injection, Buffer Overflow, Cross Site Scripting and Cross Site request Forgery. In order to overcome this vulnerabilities, it is important to detect first the problem before prevent it. At present, there are a lot of web application vulnerabilities scanner that have been proposed by researcher for detecting web application vulnerabilities such as Acunetix WVS by Acunetix, Netsparker by Mavituna Security, w3af by *** and Firefuzzer. However, these scanners have some limitation such as higher false negative although some of it has no false positive. Therefore, this paper proposed a technique aim to solve these issues by developing a detection method for detect the web application vulnerabilities by using Boyer-Moore String Matching Algorithm. Numerous experiments have been conducted in order to evaluate the performance. The result shows that proposed method has performed well in terms of the ability to accurately detect vulnerabilities based on false negative and have no false positive with low processing time.

关键词： web application vulnerabilities SQL Injection Buffer Overflow Cross-Site Scripting Cross-Site Request Forgery

来源：评论

学校读者我要写书评

暂无评论

Evaluation and monitoring of XSS defensive solutions: a survey, open research issues and future directions

引用

JOURNAL OF AMBIENT INTELLIGENCE AND HUMANIZED COMPUTING 2019年第11期10卷 4377-4405页

作者： Gupta, Shashank Gupta, B. B. Birla Inst Technol & Sci Dept Comp Sci & Informat Syst Pilani 333031 Rajasthan India Natl Inst Technol Kurukshetra Dept Comp Engn Kurukshetra 136119 Haryana India

XSS is well- thought-out to be an industry-wide problem that is affecting the diverse contemporary web platforms. The collection of most recent web application reports revealed that XSS reserved the topmost position among all other cyber-attacks. This survey article wishes to present the improvements related to XSS worm defensive methodologies. We have enlarged our discussion to different classes of XSS attacks, i. e., non-persistent, persistent, DOM-Based and mutation- based XSS attacks that has recently stated in the state-of-art. This complete survey offers full vision into the classification, avoidance, recognition and alleviation mechanisms of such attacks. In addition, broad solution classification has been designed for the classification of approaches used by numerous contributions. This article discusses the impact of real world XSS worms and the associated recent real world incidents of such worms. Existing client-side, server-side, proxy-enabled and certain other XSS defensive techniques was presented with an aim to recognize their key contributions and the current performance concerns. In the end, we present certain future research guidelines, a complete mechanism and the associated requirements towards the designing of an effective and robust XSS defensive methodology.

关键词： web application vulnerabilities JavaScript (JS) code injection attacks Cross-site scripting (XSS) worms Online social network (OSN) security Context-aware sanitization

来源：评论

学校读者我要写书评

暂无评论

XSS-immune: a Google chrome extension-based XSS defensive framework for contemporary platforms of web applications

引用

SECURITY AND COMMUNICATION NETWORKS 2016年第17期9卷 3966-3986页

作者： Gupta, Shashank Gupta, Brij Bhooshan Natl Inst Technol Dept Comp Engn Kurukshetra Haryana India

In this paper, the authors analyzed and discussed the performance issues in the existing cross-site scripting (XSS) filters and based on that, proposed a JavaScript string comparison and context-aware sanitization-based framework, XSS-immune. It is a browser-resident framework that compares the set of scripts embedded in hypertext transfer protocol request (H-REQ) and hypertext transfer protocol response (H-RES) for discovering any similar untrusted/malicious JavaScript code. This similar code points towards the untrusted JavaScript code that will be utilized by an attacker to exploit the vulnerabilities of XSS worms. In addition, our technique determines the context of such worms and performs the sanitization on them accordingly for alleviating the effect of such XSS worms from the real world web applications. We have also introduced a mechanism that can detect the injection of malicious parameter values by modifying the existing JavaScript code, that is, partial script injections. The prototype of XSS-immune was developed in Java and installed as an extension on the Google Chrome. In addition, we have verified the implementation of our design of prototype against five open-source XSS attack vector repositories, and very few XSS attack worms were able to evade our proposed design. Experimental evaluation and testing of XSS-immune were performed by adding support from the tested suite of real world web applications. The performance evaluation results revealed that our framework is able to detect the XSS worms with acceptable low false positive and false negative rate in comparison with the performance of existing XSS filters. Experimental results also incurred acceptable runtime overhead because of minor alterations on client-side browser and computationally fast execution of modules deployed in our browser-resident framework. Copyright (C) 2016 John Wiley & Sons, Ltd.

关键词： XSS worms XSS filters web browser web application vulnerabilities JavaScript code injection attacks HTTP

来源：评论

学校读者我要写书评

暂无评论

Context-oriented web application protection model

引用

APPLIED MATHEMATICS AND COMPUTATION 2016年 285卷 59-78页

作者： Prokhorenko, Victor Choo, Kim-Kwang Raymond Ashman, Helen Univ S Australia Sch Informat Technol & Math Sci Adelaide SA 5095 Australia

Due to growing user demand, web application development is becoming increasingly complicated. Multiple programming languages along with the complex multi-tier architecture commonly involved in web application development contribute to the probability of programming mistakes. Such mistakes may cause serious security vulnerabilities, which can then be exploited by malicious users. Current classifications include a wide variety of web application vulnerabilities, such as SQL injections, Cross-Site Scripting and File Inclusion. Various different protections exist against attacks associated with these vulnerabilities making it difficult to apply a single universal solution. This paper takes an alternative view of the core root of the vulnerabilities. Based on the discovered common traits, a unified extensible context-based model of web applications is proposed. A concept of context is introduced and different attacks are reformulated in terms of context boundary violation. The proposed model can be used to implement a more universal web application protection suitable against different types of attacks. (C) 2016 Elsevier Inc. All rights reserved.

关键词： Context-based protection web application attacks web application protection web application vulnerabilities

来源：评论

学校读者我要写书评

暂无评论

Exploring Defense of SQL Injection Attack in Penetration Testing

引用

INTERNATIONAL JOURNAL OF DIGITAL CRIME AND FORENSICS 2017年第4期9卷 62-71页

作者： Zhu, Alex Yan, Wei Qi Auckland Univ Technol Auckland New Zealand Auckland Univ Technol Sch Comp & Math Sci Auckland New Zealand

SQLIA is adopted to attack websites with and without confidential information. Hackers utilized the compromised website as intermediate proxy to attack others for avoiding being committed of cyber-criminal and also enlarging the scale of Distributed Denial of Service Attack (DDoS). The DDoS is that hackers maliciously turn down a website and make network resources unavailable to web users. It is extremely difficult to effectively detect and prevent SQLIA because hackers adopt various evading SQLIA Intrusion Detection System techniques. Victims may not be even aware of that their confidential data has been compromised for a long time. In this paper, our contribution is that we evaluate several most popular open source SQLIA tools and SQLIA prevention tools with both qualitative and quantitative assessments.

关键词： Database Protection Hacking Information Security SQL Injection Attack web application vulnerabilities

来源：评论

学校读者我要写书评

暂无评论

KAVE: A Knowledge-Based Multi-Agent System for web Vulnerability Detection

KAVE: A Knowledge-Based Multi-Agent System for Web Vulnerabi...

引用

IEEE International Conference on web Services (IEEE ICWS)

作者： Ramires, Rafael Respicio, Ana Medeiros, Iberia Univ Lisbon LASIGE DI Fac Ciencias Lisbon Portugal

ISBN: (纸本)9798350368567;9798350368550

The growing use of the web has led to a rise in cyber attacks exploiting software vulnerabilities, thereby causing significant damage to companies and individuals. Static analysis tools can assist programmers in identifying vulnerabilities within their code. However, these tools are prone to producing false positives and lack precision, which relegates them to a somewhat marginalised role in software development. This paper proposes a new and more effective static analysis approach for assessing and evaluating web applications against vulnerabilities by using a knowledge-based multi-agent system web vulnerability detector called KAVE. The multi-agent system performs static taint analysis over a specially designed multi-layer knowledge graph, whereas this graph aggregates diverse interconnected representations of the lexical and semantic features of the application's source code, their data and control flows, and function calls. Additionally, this graph integrates security properties associated with vulnerabilities. The evaluation results of KAVE and comparison with existing tools showed that KAVE employs an effective and efficient method to detect vulnerabilities in web applications, finding 235 vulnerabilities with a precision of 95.9% over 12 open-source PHP web applications.

关键词： web application vulnerabilities Static Analysis Multi-Layer Knowledge Graph Multi-Agent System Software Security

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：