下載電子全文宣告This thesis is authorized to indicate not accessible
You can not download at the moment.
Your IP address is 18.104.22.168
The defense date of the thesis is 2011-07-27
The current date is 2019-03-21
URN etd-0727111-175403 Statistics This thesis had been viewed 1310 times. Download 0 times. Author Shu-Hau Shiu Author's Email Address No Public. Department Computer Science and Enginerring Year 2010 Semester 2 Degree Master Type of Document Master's Thesis Language Chinese&English Page Count 35 Title An Automated Injection Vulnerability Scanner and Defense system Based on Injection Point Keyword Black-Box Testing Web Application Testing Security Scanner Complete Crawling XSS SQL-Injection SQL-Injection XSS Complete Crawling Security Scanner Web Application Testing Black-Box Testing Abstract As the popularity of the web increases and web applications become tools of everyday use, the role of web security has been gaining importance as well. The last years have shown a significant increase in the number of web-based attacks. Many web application security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS).
Although the majority of web vulnerabilities are easy to understand and to avoid, many web developers are, unfortunately, not security-aware. As a result, there exist many web sites on the Internet that are vulnerable. This paper implemented an automated vulnerability scanner that for the injection attacks,and defense that.
To this end, we implemented a system that detect injection attacks and automated defense system.Our system were automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities.Through vulnerability assessment, vulnerability prevention and mutual interaction between the automatic, so that vulnerability testing and defense to form a complete defense system.We picked 7 identified web sites with vulnerabilities from National Vulnerability Database  to verify our system.
Advisor Committee Jin-Cherng Lin - advisor
Jong-Jiann Shieh - co-chair
none - co-chair
Files Date of Defense 2011-06-28 Date of Submission 2011-07-27