Securing Web Applications using XML Validation

Bibliographic Details
Main Authors: Ching Yung Lin, 林錦雲
Other Authors: Yen-Cheng Chen
Format: Others
Language: zh-TW
Published: 2004
Online Access: http://ndltd.ncl.edu.tw/handle/18566431531051052241
Description
Summary: Master's === National Chi Nan University === Department of Information Management === 91 === Most web applications are developed on the assumption that data returned from a client can be trusted. In fact, a malicious attacker can easily use harmful data to hack web applications. In April 2002, the Taiwan government started to take notice of SQL injection attacks. In addition, cross-site scripting (XSS) is another method used to steal user data or to violate web applications. These attacks are mainly caused by the lack of solid input validation. Such security weaknesses pose a serious threat to e-commerce security. In this thesis we investigate a new approach for solving the above web security problems. We propose a framework for web security protection that uses the validation technique of XML schemas. In the framework, a validator is placed between the web server and the web applications. Web application developers use XML schemas to specify the possible inputs of a web application. At runtime, all HTTP inputs are converted to an XML document. Then, via the XML validation technique, the validator automatically filters out invalid and harmful inputs. Consequently, web applications can be protected effectively. Our approach supports the protection of legacy web applications. In addition, the framework is independent of the languages used in web applications. An implementation of the secure framework is developed in this thesis research.