DC Field | Value | Language |
dc.contributor | Dept. of Electr. Eng., National Taiwan Univ. | en |
dc.contributor.author | Huang, Yao-Wen | en_US |
dc.contributor.author | Tsai, Chung-Hung | en_US |
dc.contributor.author | Lee, D.T. | en_US |
dc.contributor.author | SY-YEN KUO | en_US |
dc.creator | Huang, Yao-Wen; Tsai, Chung-Hung; Lee, D.T.; Kuo, Sy-Yen | - |
dc.date | 2004-11 | en |
dc.date.accessioned | 2007-04-19T03:36:55Z | - |
dc.date.accessioned | 2018-07-06T10:09:58Z | - |
dc.date.available | 2007-04-19T03:36:55Z | - |
dc.date.available | 2018-07-06T10:09:58Z | - |
dc.date.issued | 2004-11 | - |
dc.identifier | 1071-9458 | en |
dc.identifier.uri | http://ntur.lib.ntu.edu.tw//handle/246246/200704191001686 | - |
dc.identifier.uri | http://ntur.lib.ntu.edu.tw/bitstream/246246/200704191001686/1/01383120.pdf | - |
dc.description.abstract | The World Wide Web has become a sophisticated platform capable of delivering a broad range of applications. However, its rapid growth has resulted in numerous security problems that current technologies cannot address. Researchers from both academic and private sector are devoting a considerable amount of resources to the development of Web application security scanners (i.e., automated software testing platforms for Web application security auditing) with some success. However, little is known about their potential side effects. It is possible for an auditing process to induce permanent changes in an application's state. Due to this potential, we have so far avoided large-scale empirical evaluations of our Web Application Vulnerability and Error Scanner (WAVES). In this paper we introduce a testing methodology that allows for harmless auditing, define three testing modes: heavy, relaxed, and safe modes, and report our results from two experiments. In the first, we compared the coverage and side effects of the three scanning modes using 5 real-world Web applications chosen from the 38 found vulnerable in a previous static verification effort. In the second, we used the relaxed mode to conduct a 48-hour test involving 1120 random websites, of which 55 were found to be vulnerable. © 2004 IEEE. | - |
dc.format | application/pdf | en |
dc.format.extent | 311866 bytes | - |
dc.format.mimetype | application/pdf | - |
dc.language | en-US | en |
dc.language.iso | en_US | - |
dc.relation | Software Reliability Engineering, 2004. ISSRE 2004. 15th International Symposium on | en |
dc.relation.ispartof | 15th International Symposium on Software Reliability Engineering, 2004. ISSRE 2004 | - |
dc.subject.classification | [SDGs]SDG16 | - |
dc.subject.other | Cross-site scripting; Real-world application; Security scanning; Web applications; Computer crime; Computer system firewalls; Electronic mail; Gateways (computer networks); HTTP; Real time systems; Security of data; Software engineering; Websites; World Wide Web | - |
dc.title | Non-detrimental Web application security scanning | - |
dc.type | conference paper | en |
dc.identifier.doi | 10.1002/0471654787.ch9 | - |
dc.identifier.doi | 10.1109/ISSRE.2004.25 | en |
dc.identifier.scopus | 2-s2.0-16244388622 | - |
item.fulltext | with fulltext | - |
item.grantfulltext | open | - |
dc.relation.pages | 219-230 | - |
dc.identifier.uri.fulltext | http://ntur.lib.ntu.edu.tw/bitstream/246246/200704191001686/1/01383120.pdf | - |
item.openairecristype | http://purl.org/coar/resource_type/c_5794 | - |
item.openairetype | conference paper | - |
item.languageiso639-1 | en_US | - |
item.cerifentitytype | Publications | - |
crisitem.author.dept | Electrical Engineering | - |
crisitem.author.dept | Electronics Engineering | - |
crisitem.author.dept | Networking and Multimedia | - |
crisitem.author.dept | Computer Science and Information Engineering | - |
crisitem.author.dept | Center for Quantum Science and Engineering (CQSE) | - |
crisitem.author.orcid | 0000-0002-2504-2608 | - |
crisitem.author.parentorg | College of Electrical Engineering and Computer Science | - |
crisitem.author.parentorg | College of Electrical Engineering and Computer Science | - |
crisitem.author.parentorg | College of Electrical Engineering and Computer Science | - |
crisitem.author.parentorg | College of Electrical Engineering and Computer Science | - |
crisitem.author.parentorg | Others: University-Level Research Centers | - |
Appears in Collections: | Department of Electrical Engineering