Journal Article Details
Advances in Electrical and Computer Engineering
WAPTT - Web Application Penetration Testing Tool
DURIC, Z.
Keywords: databases; security; vulnerabilities; web sites; web applications
DOI: 10.4316/AECE.2014.01015
Subject classification: Computer Science (General)
Source: Universitatea "Stefan cel Mare" din Suceava
【 Abstract 】
Web application vulnerabilities allow attackers to perform malicious actions that range from gaining unauthorized account access to obtaining sensitive data. The number of reported web application vulnerabilities has increased dramatically in the last decade. Most of these vulnerabilities result from improper input validation and sanitization. The most important of the vulnerabilities based on improper input validation and sanitization are SQL injection (SQLI), Cross-Site Scripting (XSS) and Buffer Overflow (BOF). To address these vulnerabilities, we designed and developed WAPTT (Web Application Penetration Testing Tool), a web application penetration testing tool. Unlike other web application penetration testing tools, this tool is modular and can be easily extended by the end user. To improve the efficiency of SQLI vulnerability detection, WAPTT uses an efficient algorithm for page similarity detection. The proposed tool showed promising results compared with six well-known web application scanners in detecting various web application vulnerabilities.
【 License 】
Unknown
【 Preview 】
Files | Size | Format | View |
---|---|---|---|
RO201902180501155ZK.pdf | 455KB | | |