{"title":"Exploration of the Attacking Web Vectors","authors":"Tea Osmëni, Maaruf Ali","doi":"10.1109/contesa52813.2021.9657129","DOIUrl":null,"url":null,"abstract":"Most people in the industrial world use a wide variety of web applications daily with the majority being insecure and vulnerable. This gives hackers the opportunity to steal data from the user’s web application, which may contain sensitive information. Vulnerability detection may be conducted by a rigorous penetration test. A penetration tester’s duty is to define and exploit the web applications’ vulnerabilities.This paper describes a technique for automatic vulnerable web application generation application. Firstly, the prepared web application is sent to the tool to create the vulnerable web application version. This tool does this by the injection of Cross Site Request Forgery (CSRF) and Cross Site Scripting (XSS) into the web application. Different variant vulnerabilities may be injected too, so different methods are needed, in order to exploit vulnerabilities dependent on the variant. One of the tool’s tasks is to produce web applications, which will be used to train the penetration testers.","PeriodicalId":323624,"journal":{"name":"2021 International Conference on Computing, Networking, Telecommunications & Engineering Sciences Applications (CoNTESA)","volume":"1 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2021-12-09","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Exploration of the Attacking Web Vectors\",\"authors\":\"Tea Osmëni, Maaruf Ali\",\"doi\":\"10.1109/contesa52813.2021.9657129\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Most people in the industrial world use a wide variety of web applications daily with the majority being insecure and vulnerable. This gives hackers the opportunity to steal data from the user’s web application, which may contain sensitive information. 
Vulnerability detection may be conducted by a rigorous penetration test. A penetration tester’s duty is to define and exploit the web applications’ vulnerabilities.This paper describes a technique for automatic vulnerable web application generation application. Firstly, the prepared web application is sent to the tool to create the vulnerable web application version. This tool does this by the injection of Cross Site Request Forgery (CSRF) and Cross Site Scripting (XSS) into the web application. Different variant vulnerabilities may be injected too, so different methods are needed, in order to exploit vulnerabilities dependent on the variant. One of the tool’s tasks is to produce web applications, which will be used to train the penetration testers.\",\"PeriodicalId\":323624,\"journal\":{\"name\":\"2021 International Conference on Computing, Networking, Telecommunications & Engineering Sciences Applications (CoNTESA)\",\"volume\":\"1 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2021-12-09\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"2021 International Conference on Computing, Networking, Telecommunications & Engineering Sciences Applications (CoNTESA)\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1109/contesa52813.2021.9657129\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"2021 International Conference on Computing, Networking, Telecommunications & Engineering Sciences Applications 
(CoNTESA)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/contesa52813.2021.9657129","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Most people in the industrial world use a wide variety of web applications daily, the majority of which are insecure and vulnerable. This gives hackers the opportunity to steal data from the user’s web application, which may contain sensitive information. Vulnerability detection may be conducted by a rigorous penetration test. A penetration tester’s duty is to define and exploit the web applications’ vulnerabilities. This paper describes a technique for the automatic generation of vulnerable web applications. Firstly, the prepared web application is sent to the tool to create the vulnerable version of the web application. The tool does this by injecting Cross Site Request Forgery (CSRF) and Cross Site Scripting (XSS) vulnerabilities into the web application. Different variants of these vulnerabilities may be injected too, so different methods are needed to exploit them, depending on the variant. One of the tool’s tasks is to produce web applications that will be used to train penetration testers.