An efficient algorithm and tool for detecting dangerous website vulnerabilities

IF 1 4区计算机科学 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS

International Journal of Web and Grid Services Pub Date : 2020-03-25 DOI:10.1504/ijwgs.2020.10027870

H. Long, Tong Anh Tuan, D. Taniar, Nguyen Van Can, Hoang Minh Hue, N. T. K. Son

引用次数: 8

Abstract

Web applications are progressively developing and applied in most aspects of life. However, there exist a variety of dangerous website security vulnerabilities such as SQL injection and cross-site scripting. This creates the opportunity for hackers to exploit and attack websites for commercial or political purposes or fame. Some research and commercial software have been developed for scanning and detecting those vulnerabilities. In this paper, we present an efficient algorithmic study and tool to detect web security vulnerabilities. Experimental results show that the new method is capable of detecting vulnerabilities with high accuracy. Compared to popular commercial software on the market, our tool has faster performance and can detect a number of less common vulnerabilities such as shell injection, or file inclusion.

查看原文本刊更多论文

一个有效的算法和工具，用于检测危险的网站漏洞

Web应用程序正在逐步开发并应用于生活的大多数方面。但是，存在着SQL注入、跨站脚本等多种危险的网站安全漏洞。这为黑客为了商业或政治目的或名声而利用和攻击网站创造了机会。一些研究和商业软件已经开发出来扫描和检测这些漏洞。在本文中，我们提出了一种有效的算法研究和工具来检测web安全漏洞。实验结果表明，该方法具有较高的漏洞检测精度。与市场上流行的商业软件相比，我们的工具具有更快的性能，并且可以检测许多不太常见的漏洞，例如shell注入或文件包含。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

International Journal of Web and Grid Services COMPUTER SCIENCE, INFORMATION SYSTEMS-COMPUTER SCIENCE, SOFTWARE ENGINEERING

CiteScore

2.40

自引率

20.00%

发文量

审稿时长

12 months

期刊介绍： Web services are providing declarative interfaces to services offered by systems on the Internet, including messaging protocols, standard interfaces, directory services, as well as security layers, for efficient/effective business application integration. Grid computing has emerged as a global platform to support organisations for coordinated sharing of distributed data, applications, and processes. It has also started to leverage web services to define standard interfaces for business services. IJWGS addresses web and grid service technology, emphasising issues of architecture, implementation, and standardisation.