{"title":"Hunting malicious attacks in social networks","authors":"D. Arulsuju","doi":"10.1109/ICOAC.2011.6165172","DOIUrl":null,"url":null,"abstract":"The Rapid growth of internet resulted in feature rich and dynamic web applications. This increase in features also introduced completely under estimated attack vectors. Cross site scripting attacks, SQL Injection and malicious file execution are the most dominant classes of web vulnerabilities reported by OWASP 2011. These attacks make use of vulnerabilities in the code of web applications, resulting in serious consequences, such as theft of cookies, passwords and other personal credentials. It is caused by scripts, which do not sanitize user input. Several server-side counter measures for XSS attacks do exist, but such techniques have not been universally applied, because of their deployment overhead. The existing client-side solutions degrade the performance of client's system resulting in a poor web surfing experience. We present automata-based symbolic string analyses (XHunter)for automatic verification of string manipulating programs we compute the pre and post conditions of common string functions using deterministic finite automata (DFAs). Experiment result shows that our approach finds large number of malicious attacks in web application.","PeriodicalId":369712,"journal":{"name":"2011 Third International Conference on Advanced Computing","volume":"28 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2011-12-01","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"7","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"2011 Third International Conference on Advanced Computing","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1109/ICOAC.2011.6165172","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
引用次数: 7
Abstract
The Rapid growth of internet resulted in feature rich and dynamic web applications. This increase in features also introduced completely under estimated attack vectors. Cross site scripting attacks, SQL Injection and malicious file execution are the most dominant classes of web vulnerabilities reported by OWASP 2011. These attacks make use of vulnerabilities in the code of web applications, resulting in serious consequences, such as theft of cookies, passwords and other personal credentials. It is caused by scripts, which do not sanitize user input. Several server-side counter measures for XSS attacks do exist, but such techniques have not been universally applied, because of their deployment overhead. The existing client-side solutions degrade the performance of client's system resulting in a poor web surfing experience. We present automata-based symbolic string analyses (XHunter)for automatic verification of string manipulating programs we compute the pre and post conditions of common string functions using deterministic finite automata (DFAs). Experiment result shows that our approach finds large number of malicious attacks in web application.
京公网安备 11010802042870号
京ICP备2023020795号-1
分享
求助内容:
应助结果提醒方式:
扫码关注我们
