Research on strong-association rule based web application vulnerability detection

Abstract

With the increase of the web applications in information society, web application software security become more and more important. Recent investigations show that web application vulnerabilities have become the largest security threat. Websense security report shows that in the first half of year 2008 above 75% of the most popular web site have utilized by the hackers to run malicious code. Detecting and solving vulnerability is the effective way to enhance web security. In this paper we focus on the regression test in web vulnerability detection, and present a strong-association rule based algorithm to make the detection more efficient. In the first step we traverse the whole web site to get the web page collection. And then, in the regression test, we make the association between the pages and expand the pages to a collection set. The set will used in the following iterate traverse. And we define the relational grade to describe the association. Finally, we do the experiment on our target web site which contains the known vulnerabilities such as XSS and SQL injection, and the result shows that the algorithm can detect almost all the pages that may contains vulnerabilities in the target web site.