Return to search

Verifying Web Application Vulnerabilities by Model Checking

Due to the continued development of Internet technology, more and more people are willing to take advantage of high-interaction and diverse web applications to deal with commercial, knowledge-sharing, and social activities. However, while web applications deeply affect our society by degrees, hackers start exploiting web application vulnerabilities to attack innocent end user and back-end database, and therefore pose significant threat in information security.
According to this situation, this paper proposes a detection mechanism based on Model Checking to detect web application vulnerabilities. We reduce the problem whether the vulnerabilities exist or not to a kind of SMT (Satisfiability Modulo Theories) problem, and analyze all of the traces of tainted data flow in web applications to find possible vulnerabilities by SMT solver. The experimental results show that the method we proposed can identify SQL injection and XSS vulnerabilities effectively, and prove our method is a feasible way to find web application vulnerabilities.

Identiferoai:union.ndltd.org:NSYSU/oai:NSYSU:etd-0820109-230125
Date20 August 2009
CreatorsHung, Chun-Chieh
ContributorsBing-Chiang Jeng, Chia-Mei Chen, Yuh-Jiuan Tsay, Chien-Hung Liu
PublisherNSYSU
Source SetsNSYSU Electronic Thesis and Dissertation Archive
LanguageCholon
Detected LanguageEnglish
Typetext
Formatapplication/pdf
Sourcehttp://etd.lib.nsysu.edu.tw/ETD-db/ETD-search/view_etd?URN=etd-0820109-230125
Rightscampus_withheld, Copyright information available at source archive

Page generated in 0.0019 seconds