An Automated Injection Vulnerability Scanner and Defense system Based on Injection Point
碩士 === 大同大學 === 資訊工程學系(所) === 99 === As the popularity of the web increases and web applications become tools of everyday use, the role of web security has been gaining importance as well. The last years have shown a significant increase in the number of web-based attacks. Many web application secur...
Main Authors: | , |
---|---|
Other Authors: | |
Format: | Others |
Published: |
2011
|
Online Access: | http://ndltd.ncl.edu.tw/handle/89578859962403490522 |
id |
ndltd-TW-099TTU05392014 |
---|---|
record_format |
oai_dc |
spelling |
ndltd-TW-099TTU053920142015-10-19T04:03:43Z http://ndltd.ncl.edu.tw/handle/89578859962403490522 An Automated Injection Vulnerability Scanner and Defense system Based on Injection Point 自動化網頁注入弱點檢測及防禦系統 Shu-Hau Shiu 許書豪 碩士 大同大學 資訊工程學系(所) 99 As the popularity of the web increases and web applications become tools of everyday use, the role of web security has been gaining importance as well. The last years have shown a significant increase in the number of web-based attacks. Many web application security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS). Although the majority of web vulnerabilities are easy to understand and to avoid, many web developers are, unfortunately, not security-aware. As a result, there exist many web sites on the Internet that are vulnerable. This paper implemented an automated vulnerability scanner that for the injection attacks,and defense that. To this end, we implemented a system that detect injection attacks and automated defense system.Our system were automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities.Through vulnerability assessment, vulnerability prevention and mutual interaction between the automatic, so that vulnerability testing and defense to form a complete defense system.We picked 7 identified web sites with vulnerabilities from National Vulnerability Database [14] to verify our system. Jin-Cherng Lin 林金城 2011 學位論文 ; thesis 35 |
collection |
NDLTD |
format |
Others
|
sources |
NDLTD |
description |
碩士 === 大同大學 === 資訊工程學系(所) === 99 === As the popularity of the web increases and web applications become tools of everyday use, the role of web security has been gaining importance as well. The last years have shown a significant increase in the number of web-based attacks. Many web application security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS).
Although the majority of web vulnerabilities are easy to understand and to avoid, many web developers are, unfortunately, not security-aware. As a result, there exist many web sites on the Internet that are vulnerable. This paper implemented an automated vulnerability scanner that for the injection attacks,and defense that.
To this end, we implemented a system that detect injection attacks and automated defense system.Our system were automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities.Through vulnerability assessment, vulnerability prevention and mutual interaction between the automatic, so that vulnerability testing and defense to form a complete defense system.We picked 7 identified web sites with vulnerabilities from National Vulnerability Database [14] to verify our system.
|
author2 |
Jin-Cherng Lin |
author_facet |
Jin-Cherng Lin Shu-Hau Shiu 許書豪 |
author |
Shu-Hau Shiu 許書豪 |
spellingShingle |
Shu-Hau Shiu 許書豪 An Automated Injection Vulnerability Scanner and Defense system Based on Injection Point |
author_sort |
Shu-Hau Shiu |
title |
An Automated Injection Vulnerability Scanner and Defense system Based on Injection Point |
title_short |
An Automated Injection Vulnerability Scanner and Defense system Based on Injection Point |
title_full |
An Automated Injection Vulnerability Scanner and Defense system Based on Injection Point |
title_fullStr |
An Automated Injection Vulnerability Scanner and Defense system Based on Injection Point |
title_full_unstemmed |
An Automated Injection Vulnerability Scanner and Defense system Based on Injection Point |
title_sort |
automated injection vulnerability scanner and defense system based on injection point |
publishDate |
2011 |
url |
http://ndltd.ncl.edu.tw/handle/89578859962403490522 |
work_keys_str_mv |
AT shuhaushiu anautomatedinjectionvulnerabilityscanneranddefensesystembasedoninjectionpoint AT xǔshūháo anautomatedinjectionvulnerabilityscanneranddefensesystembasedoninjectionpoint AT shuhaushiu zìdònghuàwǎngyèzhùrùruòdiǎnjiǎncèjífángyùxìtǒng AT xǔshūháo zìdònghuàwǎngyèzhùrùruòdiǎnjiǎncèjífángyùxìtǒng AT shuhaushiu automatedinjectionvulnerabilityscanneranddefensesystembasedoninjectionpoint AT xǔshūháo automatedinjectionvulnerabilityscanneranddefensesystembasedoninjectionpoint |
_version_ |
1718095017210281984 |