Websites' Input Validation and Input-Misuse-Based Attacks
Authors: I. Alsmadi, Iyad Alazzam
Venue: 2016 Cybersecurity and Cyberforensics Conference (CCC)
Publication date: 2016-08-01
DOI: 10.1109/CCC.2016.31 (https://doi.org/10.1109/CCC.2016.31)
Citation count: 5
Websites typically include many forms or web elements that allow users to enter and submit data. This data will eventually be executed in the back-end databases. Users can, intentionally or unintentionally, enter improper input data that, if it reaches those back-end databases, may cause serious security or otherwise damaging problems. For proper user interface design as well as for security reasons, it is important for web designers to consider input-validation techniques at the user interface level or as early as possible. The goal is to stop further actions for any invalid input data. In this paper, we conducted an evaluation study of how much input validation is used by web designers. We used some of the web attacks that target improper input validation as indicators of the quality of the input validation process for the evaluated websites. Results showed that those types of attacks continue to be effective and serious methods. Results also showed that there is a need for systematic and frequent evaluation of those websites to ensure that basic input validation guidelines are observed.