首頁 > 網路資源 > 大同大學數位論文系統

Title page for etd-0727111-175403


URN etd-0727111-175403 Statistics This thesis had been viewed 1310 times. Download 0 times.
Author Shu-Hau Shiu
Author's Email Address No Public.
Department Computer Science and Enginerring
Year 2010 Semester 2
Degree Master Type of Document Master's Thesis
Language Chinese&English Page Count 35
Title An Automated Injection Vulnerability Scanner and Defense system Based on Injection Point
Keyword
  • Black-Box Testing
  • Web Application Testing
  • Security Scanner
  • Complete Crawling
  • XSS
  • SQL-Injection
  • SQL-Injection
  • XSS
  • Complete Crawling
  • Security Scanner
  • Web Application Testing
  • Black-Box Testing
  • Abstract As the popularity of the web increases and web applications become tools of everyday use, the role of web security has been gaining importance as well. The last years have shown a significant increase in the number of web-based attacks. Many web application security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS).
    Although the majority of web vulnerabilities are easy to understand and to avoid, many web developers are, unfortunately, not security-aware. As a result, there exist many web sites on the Internet that are vulnerable. This paper implemented an automated vulnerability scanner that for the injection attacks,and defense that.
    To this end, we implemented a system that detect injection attacks and automated defense system.Our system were automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities.Through vulnerability assessment, vulnerability prevention and mutual interaction between the automatic, so that vulnerability testing and defense to form a complete defense system.We picked 7 identified web sites with vulnerabilities from National Vulnerability Database [14] to verify our system.
    Advisor Committee
  • Jin-Cherng Lin - advisor
  • Jong-Jiann Shieh - co-chair
  • none - co-chair
  • Files indicate not accessible
    Date of Defense 2011-06-28 Date of Submission 2011-07-27


    Browse | Search All Available ETDs