Web Application Security: Threats, Countermeasures, and Pitfalls

Cited by: 35
Authors
Huang, Hsiu-Chuan [1, 2]
Zhang, Zhi-Kai [1]
Cheng, Hao-Wen [3]
Shieh, Shiuhpyng Winston [1, 4]
Affiliations
[1] Natl Chiao Tung Univ, Dept Comp Sci, Hsinchu, Taiwan
[2] Chunghwa Telecom Labs, Taipei, Taiwan
[3] Natl Chiao Tung Univ, Hsinchu, Taiwan
[4] Natl Chiao Tung Univ, Taiwan Informat Secur Ctr, Hsinchu, Taiwan
Keywords
combinative evasion; cross-site scripting; cybersecurity; Cybertrust; filters; firewalls; Open Web Application Security Project; OWASP; penetration testing; security; SQL injection; VulScan; web vulnerability scanner; XSS
DOI
10.1109/MC.2017.183
Chinese Library Classification number
TP3 [Computing technology, computer technology]
Discipline classification code
0812
Abstract
Penetration testing is a crucial defense against common web application security threats such as SQL injection and cross-site scripting attacks. A proposed web vulnerability scanner automatically generates test data with combinative evasion techniques, significantly expanding test coverage and revealing more vulnerabilities.
Pages: 81-85
Page count: 5