Qing Wang,Qinghua Zheng,Xiaohong Guan,Zhefei Zhang

DOI: https://doi.org/10.3321/j.issn:0253-987X.2007.04.013

2007-01-01

Abstract:Based on reverse deduction with proof-tree, a method for detecting SQL injection vulnerabilities which are ubiquitous in Web applications is presented. Differing from traditional real time security strategies such as IDS and firewall, the origin of producing attack can be found by directly mining source codes vulnerabilities. The essentials are to track reversely the variables that are related to database (DB) script operations and check whether they are influenced from outside so as to control the hidden damage existing in the DB operations. The experimental results show that the proposed method can accurately verify the security of 53. 8% DB operations, and it is applicable for any type of Web application platforms configured with different script languages and database systems.

Haiyan Wu,Guozhu Gao,Chunyu Miao

DOI: https://doi.org/10.1109/ICCSNT.2011.6182115

2012-01-01

Abstract:SQL injection, known as a popular attack against web applications, has become a serious security risk. However, traditional penetration test methods are insufficient to test SQL injection vulnerabilities (SQLIVs) in web applications. This paper presents a new test method called SMART, which automatically tests SQLIVs in web applications. SMART analyzes the SQL queries generated by web applications and uses a structure matching validation mechanism to determine whether SQLIVs exist. Comprehensive experiments show that SMART is effective in finding SQLIVs. Testing the web applications with SMART, the security against SQL injection can be greatly improved.

Zhixin Sun,Xubin Wang,Yuhua Xu

DOI: https://doi.org/10.1109/SWC57546.2023.10448993

2023-08-28

Abstract:Presently power network security attacks occur frequently, data security and privacy communication are facing a major threat, and secure data communication is imminent. Aiming at the injection attack type of Cross-site scripting attack(XSS), we analyze it and design a hybrid dynamic testing technology method. SVM is combined to build a discriminator to distinguish malignant scripts. Browser tools are used to simulate attacks and built-in script execution functions are used to continuously monitor the target attribute values and page status, dynamically discover malicious content, and improve source code security. Experiments show that this method is effective for vulnerability detection. It has low overhead in the process of implementing dynamic testing and effectively improves the accuracy of vulnerability analysis combined with static content analysis.

Computer Science

Yongzhen Li,Gaolong Wang

DOI: https://doi.org/10.1109/ISAIEE57420.2022.00089

2022-12-01

Abstract:With the rapid development of the internet in China, we are dealing with web sites all the time, but with this comes the increasing vulnerability of various web applications. The vulnerability of web applications can be used to steal information, account theft and fraud, threatening the security of web applications. Therefore, the security detection of web applications is particularly important. This paper introduces the background of today's web application scanning technology, analyses the importance of securing web sites, and focuses on the history and future development trends of web application vulnerability scanning at home and abroad. The system is based on the OWASP Top 10 vulnerabilities of SQL injection and XSS, which have a large impact. By analysing the risks and principles of these two vulnerabilities, a scanning system is designed to run on the Windows platform.

Computer Science

Zhefei Zhang,Qinghua Zheng,Xiaohong Guan,Qing Wang,Tuo Wang

DOI: https://doi.org/10.1007/s11460-008-0047-x

2008-01-01

Frontiers of Electrical and Electronic Engineering in China

Abstract:SQL injection poses a major threat to the application level security of the database and there is no systematic solution to these attacks. Different from traditional run time security strategies such as IDS and firewall, this paper focuses on the solution at the outset; it presents a method to find vulnerabilities by analyzing the source codes. The concept of validated tree is developed to track variables referenced by database operations in scripts. By checking whether these variables are influenced by outside inputs, the database operations are proved to be secure or not. This method has advantages of high accuracy and efficiency as well as low costs, and it is universal to any type of web application platforms. It is implemented by the software code vulnerabilities of SQL injection detector (CVSID). The validity and efficiency are demonstrated with an example.

Hui Yuan,Lei Zheng,Liang Dong,Xiangli Peng,Yan Zhuang,Guoru Deng

DOI: https://doi.org/10.1007/978-3-030-15235-2_66

2019-04-25

Abstract:With the rapid development of Internet technology, Web applications are widely used in all walks of life, and their security requirements are increasing. Unfortunately, at present, the development of Web security technology still lags behind the development of Web application technology itself. The Web application itself and its operating environment are still relatively fragile, and its operating environment is easily forged or modified, making Web applications gradually become malicious. The object of the attack is frequently attacked. This paper investigates and analyzes the common vulnerabilities in web applications, deeply studies the basic characteristics of these vulnerabilities, and understands the principles and solutions of vulnerabilities. The static analysis method is used to analyze the vulnerabilities, and the static analysis methods are used to solve the security vulnerabilities in the Java web project.

曾凡平,陈明辉,尹凯涛,王煦法

DOI: https://doi.org/10.3969/j.issn.1009-8054.2009.10.037

2009-01-01

Abstract:This paper presents a measurement method for process integrity.This measurement method is applied in the test of software vulnerability.The method uses source-code conversion and the state information of function-call to check and analyze the process integrity.By checking whether the measurement for process integrity is true, the fact that whether there is a vulnerability in the software is determined.The experiment shows that this method could accurately check the attack of buffer overflow, in the circumstances of with no large performance loss.

ZHANG Heng-zhi,XUE Zhi

DOI: https://doi.org/10.3969/j.issn.1009-2552.2011.11.015

2011-01-01

Abstract:Nowadays Web application is very familiar to everyone,everybody is taking advantage of it.Web shopping,gain information,browse website,Internet banking and so on.It’s obvious that modern life can’t live without Web applications.But with the convenience which Web applications brought us,the network security problems are increasing,too.SQL injection is one of the most critical loophole.Because of SQL injection attack method is easy to learn,and its success rate is pretty high,SQL injection becomes one of the major method for hackers to attack Web applications.This article shows how SQL injection attacks,and gives several ways to avoid these kinds of attacks though programming.

Jun Zhu,Bill Chu,Heather Richter Lipford,Tyler Thomas

DOI: https://doi.org/10.1145/2752952.2752976

2015-01-01

Abstract:ABSTRACTAccess control vulnerabilities due to programming errors have consistently ranked amongst top software vulnerabilities. Previous research efforts have concentrated on using automatic program analysis techniques to detect access control vulnerabilities in applications. We report a comparative study of six open source PHP applications, and find that implicit assumptions of previous research techniques can significantly limit their effectiveness. We propose a more effective hybrid approach to mitigate access control vulnerabilities. Developers are reminded in-situ of potential access control vulnerabilities, where self-review of code can help them discover mistakes. Additionally, developers are prompted for application-specific access control knowledge, providing samples of code that could be thought of as static analysis by example. These examples are turned into code patterns that can be used in performing static analysis to detect additional access control vulnerabilities and alert the developer to take corrective actions. Our evaluation of six open source applications detected 20 zero-day access control vulnerabilities in addition to finding all access control vulnerabilities detected in previous works.

Jiang Zhen

Abstract:The paper introduces the current severe situation of the Web security, and brings up the necessity to design Web vulnerability scanning software. Then it analyzes Web crawler, construction of website structure tree, and detection methods of SQL injection, XSS, integer overflow and URL redirection, which provides a guarantee for developing the system successfully. The paper also describes the software architecture and the design of modules. The final testing results prove that the software is able to detect the common types of vulnerabilities rapidly and comprehensively. The software has been published.

Computer Science

Libo Cao,Tianjie Cao

DOI: https://doi.org/10.3969/j.issn.1000-386x.2015.08.064

2015-01-01

Abstract:Cross-site scripting ( XSS) vulnerability is one the top web application vulnerabilities.In the paper, we analyse the inadequacy of existing dynamic analysis methods in detecting XSS vulnerability and propose a high-efficiency detection method.Before using attack vectors to test, we first submit legal vectors for testing in order to exclude the pages definitely without XSS vulnerabilities and to collect the information about input points, output points and the types of output points.In the process of testing with attack vectors, it just needs to submit the correlated attack vectors according to output point type for further testing, and avoids traversing all the attack vectors.In addition, by looking for the specific data in corresponding page of output points only, it is able to effectively avoid traversing all the pages.Experiment proves that the proposed method is very effective in improving the efficiency of XSS vulnerability detection.

Mahmoud Mohammadi,Bill Chu,Heather Richter Lipford,Emerson Murphy-Hill

DOI: https://doi.org/10.1145/2896921.2896929

2018-04-03

Abstract:Integrating security testing into the workflow of software developers not only can save resources for separate security testing but also reduce the cost of fixing security vulnerabilities by detecting them early in the development cycle. We present an automatic testing approach to detect a common type of Cross Site Scripting (XSS) vulnerability caused by improper encoding of untrusted data. We automatically extract encoding functions used in a web application to sanitize untrusted inputs and then evaluate their effectiveness by automatically generating XSS attack strings. Our evaluations show that this technique can detect 0-day XSS vulnerabilities that cannot be found by static analysis tools. We will also show that our approach can efficiently cover a common type of XSS vulnerability. This approach can be generalized to test for input validation against other types injections such as command line injection.

Cryptography and Security

Fanping Zeng,Minghui Chen,Kaitao Yin,Xufa Wang

DOI: https://doi.org/10.1109/cmc.2009.141

2009-01-01

Abstract:On the basis of analyzing the safety formulas for various types of vulnerabilities, this paper presents a novel method for software vulnerability testing, which uses source-code conversion and the state information of function-call to test the vulnerability of software. This method could cover a variety of vulnerabilities. The implementation shows that it can check the attack of buffer overflow accurately, on the occasions of no large losses in performance.

Xiao Xi,Yan Ruibo,Ye Runguo,Li Qing,Peng Sancheng,Jiang Yong

DOI: https://doi.org/10.1109/CBD.2015.48

2015-01-01

Abstract:Security on mobile devices is becoming increasingly important. HTML5 are widely used to develop mobile applications due to its portability on multi platforms. However it is allowed to mix data and code together in web technology. HTML5-based applications are prone to suffer from code injection attacks that are similar to XSS. In this paper, at first, we introduce a more hidden type of code injection attacks, coding-based attacks. In the new type of code injection attacks, JavaScript code is encoded in a human-unreadable form. Then we use classification algorithms of machine learning to determine whether an app suffers from the code injection attack or not. The experimental result shows that the Precision of our detection method reaches 95.3%. Compare with the other method, our approach improves a lot in detection speed with the precision nearly unchanged. Furthermore, an improved access control model is proposed to mitigate the attack damage. In addition, filters are adopted to remove JavaScript code from data to prevent the attacks. The effectiveness and rationality have been validated through extensive simulations.

Haibin Hu

DOI: https://doi.org/10.1063/1.4982570

2017-01-01

AIP Conference Proceedings

Abstract:Among numerous WEB security issues, SQL injection is the most notable and dangerous. In this study, characteristics and procedures of SQL injection are analyzed, and the method for detecting the SQL injection attack is illustrated. The defense resistance and remedy model of SQL injection attack is established from the perspective of non-intrusive SQL injection attack and defense. Moreover, the ability of resisting the SQL injection attack of the server has been comprehensively improved through the security strategies on operation system, IIS and database, etc.. Corresponding codes are realized. The method is well applied in the actual projects.

Cao Tian-jie

2009-01-01

Abstract:SQL Injection is a Familiar loophole of Web System,using this loophole,the attacker could directly access the database and could led to great hidden troubles.In this paper, the def inition,principle and injection technology were expounded,we advanced prevention measures from different point of views, and the users could establish their own policies, so the security of the system is improved.

WU Hai-yan,MIAO Chun-yu,LIU Qi-xin,SUN Fang-cheng

DOI: https://doi.org/10.3969/j.issn.1671-0428.2008.04.013

IF: 5.105

2008-01-01

Computers & Security

Abstract:With the development of Web application , its security issue calls more and more attention and becomes a hotspot in the area or information security . It is regrettable that there is little related research work.. This paper discusses web application security testing method , and introduces the principle and function of web security testing tools , using Nikto and Paros as examples.

Chengcheng Lv,Long Zhang,Fanping Zeng,Jian Zhang

DOI: https://doi.org/10.1109/apsec48747.2019.00018

2019-01-01

Abstract:XSS is one of the common vulnerabilities in web applications. Many black-box testing tools may collect a large number of payloads and traverse them to find a payload that can be successfully injected, but they are not very efficient. And previous research has paid less attention to how to improve the efficiency of black-box testing to detect XSS vulnerability. To improve the efficiency of testing, we develop an XSS testing tool. It collects 6128 payloads and uses a headless browser to detect XSS vulnerability. The tool can discover XSS vulnerability quickly with the ART(Adaptive Random Testing) method. We conduct an experiment using 3 extensively adopted open source vulnerable benchmarks and 2 actual websites to evaluate the ART method. The experimental results indicate that the ART method can effectively improve the fuzzing method by more than 27.1% in reducing the number of attempts before accomplishing a successful injection.

Marc Rennhard,Malte Kushnir,Olivier Favre,Damiano Esposito,Valentin Zahnd

DOI: https://doi.org/10.1007/s42979-022-01271-1

2022-07-16

SN Computer Science

Abstract:The importance of automated and reproducible security testing of web applications is growing, driven by increasing security requirements, short software development cycles, and constraints with respect to time and budget. Existing automated security testing tools are already well suited to detect some types of vulnerabilities, e.g., SQL injection or cross-site scripting vulnerabilities. However, other vulnerability types are much harder to uncover in an automated way. One important representative of this type are access control vulnerabilities, which are highly relevant in practice as they can grant unauthorized users access to security-critical data or functions in web applications. In this paper, a practical solution to automatically detect HTTP GET request-based access control vulnerabilities in web applications is presented. The solution is based on previously proposed ideas, which are extended with novel approaches to enable completely automated access control testing with minimal configuration effort, which in turn enables frequent and reproducible testing. An evaluation with seven web applications based on different technologies demonstrates the general applicability of the solution and that it can automatically uncover most access control vulnerabilities while keeping the number of false positives low.

Lijiu Zhang,Qing Gu,Shushen Peng,Xiang Chen,Haigang Zhao,Daoxu Chen

DOI: https://doi.org/10.1109/icsea.2010.85

2010-01-01

Abstract:Finding effective approaches to detect vulnerabilities is important to guarantee the security of Web applications. Web application security issues are mostly related to malicious input data and Web forms are the main interface to input these data. According to the above observation, we propose a novel approach to detect Web application vulnerabilities. In our approach, given a URL, we get a target Web form. After analyzing characteristics of this Web form, we assign a set of test values to each field in this form. Then we propose a method to generate test suites taking the weight of each test value into account. Finally, we execute these test suites and analyze corresponding result based on HTTP response code and response HTML. We implement our approach into a tool called D-WAV and choose several Web applications as benchmarks to conduct empirical studies. Final results show that our approach can automatically and effectively discover Web application vulnerabilities such as cross-site scripting and SQL injection.