A multi-level sanitizing strategy based on injection point

Cited by: 0
Authors
Lin, Jin-Cheng [1]
Chen, Jan-Min [1, 2]
Lin, Tien-Wei [1]
Yang, Shu-Wei [1]
Affiliations
[1] Department of Computer Science and Engineer, Tatung University, 40 Zhongshan North Road, Taipei 104, Taiwan
[2] Department of Information Management, Yu Da College of Business, No. 168, Hsueh-fu Rd., Miaoli County, Taiwan
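Source
ICIC Express Letters | 2009 / Vol. 3 / No. 03
Keywords
DOI
Not available
Chinese Library Classification number
TP [Automation technology, computer technology];
Discipline classification code
0812;
Abstract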
According to OWASP (Open Web Applications Security Project)'s list of security vulnerabilities in 2007, the top five critical Web application security vulnerabilities are caused by unchecked input [1]. Invalidated input may allow hackers to inject code to bypass or modify the original intended functionality of the program, to gain information, escalate privileges or to obtain unauthorized access to a system. Enforcing proper input validation is an effective counter-measure to use as a defense against input attacks but it may induce false negatives or false positives. In this paper, we propose an intelligent mechanism that can automatically generate proper validation rules based on the web vulnerability of every injection point. To verify the efficiency of this mechanism, we evaluate whether the filter rules can decrease the false rate more greatly than traditional input handling methods. The mechanism is a technique critical to protecting Web applications against malicious injection attacks. ICIC International © 2009.
Pages: 471 / 476