An Automated Injection Vulnerability Scanner and Defense system Based on Injection Point

• Main Authors: Shu-Hau Shiu, 許書豪
• Other Authors: Jin-Cherng Lin
• Format: Others
• Published: 2011
• Online Access: http://ndltd.ncl.edu.tw/handle/89578859962403490522

碩士 === 大同大學 === 資訊工程學系(所) === 99 === As the popularity of the web increases and web applications become tools of everyday use, the role of web security has been gaining importance as well. The last years have shown a significant increase in the number of web-based attacks. Many web application security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS). Although the majority of web vulnerabilities are easy to understand and to avoid, many web developers are, unfortunately, not security-aware. As a result, there exist many web sites on the Internet that are vulnerable. This paper implemented an automated vulnerability scanner that for the injection attacks,and defense that. To this end, we implemented a system that detect injection attacks and automated defense system.Our system were automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities.Through vulnerability assessment, vulnerability prevention and mutual interaction between the automatic, so that vulnerability testing and defense to form a complete defense system.We picked 7 identified web sites with vulnerabilities from National Vulnerability Database [14] to verify our system.