https://scholars.lib.ntu.edu.tw/handle/123456789/148993
標題: | Non-detrimental Web application security scanning | 作者: | Huang, Yao-Wen Tsai, Chung-Hung Lee, D.T. SY-YEN KUO |
公開日期: | 十一月-2004 | 起(迄)頁: | 219-230 | 來源出版物: | 15th International Symposium on Software Reliability Engineering, 2004. ISSRE 2004 | 摘要: | The World Wide Web has become a sophisticated platform capable of delivering a broad range of applications. However, its rapid growth has resulted in numerous security problems that current technologies cannot address. Researchers from both academic and private sector are devoting a considerable amount of resources to the development of Web application security scanners (i.e., automated software testing platforms for Web application security auditing) with some success. However, little is known about their potential side effects. It is possible for an auditing process to induce permanent changes in an application's state. Due to this potential, we have so far avoided large-scale empirical evaluations of our Web Application Vulnerability and Error Scanner (WAVES). In this paper we introduce a testing methodology that allows for harmless auditing, define three testing modes-heavy, relaxed, and safe modes, and report our results from two experiments. In the first, we compared the coverage and side effects of the three scanning modes using 5 real-world Web applications chosen from the 38 found vulnerable in a previous static verification effort. In the second, we used the relaxed mode to conduct a 48-hour test involving 1120 random websites, of which 55 were found to be vulnerable. © 2004 IEEE. |
URI: | http://ntur.lib.ntu.edu.tw//handle/246246/200704191001686 http://ntur.lib.ntu.edu.tw/bitstream/246246/200704191001686/1/01383120.pdf |
其他識別: | 1071-9458 | DOI: | 10.1002/0471654787.ch9 10.1109/ISSRE.2004.25 |
SDG/關鍵字: | Cross-site scripting; Real-world application; Security scanning; Web applications; Computer crime; Computer system firewalls; Electronic mail; Gateways (computer networks); HTTP; Real time systems; Security of data; Software engineering; Websites; World Wide Web |
顯示於: | 電機工程學系 |
檔案 | 描述 | 大小 | 格式 | |
---|---|---|---|---|
01383120.pdf | 304.56 kB | Adobe PDF | 檢視/開啟 |
在 IR 系統中的文件,除了特別指名其著作權條款之外,均受到著作權保護,並且保留所有的權利。