一个有效的算法和工具，用于检测危险的网站漏洞

IF 1 4区计算机科学 Q4 COMPUTER SCIENCE, INFORMATION SYSTEMS International Journal of Web and Grid Services Pub Date : 2020-03-25 DOI:10.1504/ijwgs.2020.10027870

H. Long, Tong Anh Tuan, D. Taniar, Nguyen Van Can, Hoang Minh Hue, N. T. K. Son

{"title":"一个有效的算法和工具，用于检测危险的网站漏洞","authors":"H. Long, Tong Anh Tuan, D. Taniar, Nguyen Van Can, Hoang Minh Hue, N. T. K. Son","doi":"10.1504/ijwgs.2020.10027870","DOIUrl":null,"url":null,"abstract":"Web applications are progressively developing and applied in most aspects of life. However, there exist a variety of dangerous website security vulnerabilities such as SQL injection and cross-site scripting. This creates the opportunity for hackers to exploit and attack websites for commercial or political purposes or fame. Some research and commercial software have been developed for scanning and detecting those vulnerabilities. In this paper, we present an efficient algorithmic study and tool to detect web security vulnerabilities. Experimental results show that the new method is capable of detecting vulnerabilities with high accuracy. Compared to popular commercial software on the market, our tool has faster performance and can detect a number of less common vulnerabilities such as shell injection, or file inclusion.","PeriodicalId":54935,"journal":{"name":"International Journal of Web and Grid Services","volume":null,"pages":null},"PeriodicalIF":1.0000,"publicationDate":"2020-03-25","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"8","resultStr":"{\"title\":\"An efficient algorithm and tool for detecting dangerous website vulnerabilities\",\"authors\":\"H. Long, Tong Anh Tuan, D. Taniar, Nguyen Van Can, Hoang Minh Hue, N. T. K. Son\",\"doi\":\"10.1504/ijwgs.2020.10027870\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Web applications are progressively developing and applied in most aspects of life. However, there exist a variety of dangerous website security vulnerabilities such as SQL injection and cross-site scripting. This creates the opportunity for hackers to exploit and attack websites for commercial or political purposes or fame. Some research and commercial software have been developed for scanning and detecting those vulnerabilities. In this paper, we present an efficient algorithmic study and tool to detect web security vulnerabilities. Experimental results show that the new method is capable of detecting vulnerabilities with high accuracy. Compared to popular commercial software on the market, our tool has faster performance and can detect a number of less common vulnerabilities such as shell injection, or file inclusion.\",\"PeriodicalId\":54935,\"journal\":{\"name\":\"International Journal of Web and Grid Services\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":1.0000,\"publicationDate\":\"2020-03-25\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"8\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"International Journal of Web and Grid Services\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://doi.org/10.1504/ijwgs.2020.10027870\",\"RegionNum\":4,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q4\",\"JCRName\":\"COMPUTER SCIENCE, INFORMATION SYSTEMS\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"International Journal of Web and Grid Services","FirstCategoryId":"94","ListUrlMain":"https://doi.org/10.1504/ijwgs.2020.10027870","RegionNum":4,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q4","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 8

摘要

Web应用程序正在逐步开发并应用于生活的大多数方面。但是，存在着SQL注入、跨站脚本等多种危险的网站安全漏洞。这为黑客为了商业或政治目的或名声而利用和攻击网站创造了机会。一些研究和商业软件已经开发出来扫描和检测这些漏洞。在本文中，我们提出了一种有效的算法研究和工具来检测web安全漏洞。实验结果表明，该方法具有较高的漏洞检测精度。与市场上流行的商业软件相比，我们的工具具有更快的性能，并且可以检测许多不太常见的漏洞，例如shell注入或文件包含。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

An efficient algorithm and tool for detecting dangerous website vulnerabilities

Web applications are progressively developing and applied in most aspects of life. However, there exist a variety of dangerous website security vulnerabilities such as SQL injection and cross-site scripting. This creates the opportunity for hackers to exploit and attack websites for commercial or political purposes or fame. Some research and commercial software have been developed for scanning and detecting those vulnerabilities. In this paper, we present an efficient algorithmic study and tool to detect web security vulnerabilities. Experimental results show that the new method is capable of detecting vulnerabilities with high accuracy. Compared to popular commercial software on the market, our tool has faster performance and can detect a number of less common vulnerabilities such as shell injection, or file inclusion.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

International Journal of Web and Grid Services COMPUTER SCIENCE, INFORMATION SYSTEMS-COMPUTER SCIENCE, SOFTWARE ENGINEERING

CiteScore

2.40

自引率

20.00%

发文量

审稿时长

12 months

期刊介绍： Web services are providing declarative interfaces to services offered by systems on the Internet, including messaging protocols, standard interfaces, directory services, as well as security layers, for efficient/effective business application integration. Grid computing has emerged as a global platform to support organisations for coordinated sharing of distributed data, applications, and processes. It has also started to leverage web services to define standard interfaces for business services. IJWGS addresses web and grid service technology, emphasising issues of architecture, implementation, and standardisation.