【 摘 要 】

Nowadays internet is loaded with tons of innovative web applications. This instantaneous growth has paved way for a number of security exposures. Cross Site Scripting attacks (XSS), SQL Injection (SQLI) and Malicious File Execution (MFE) are the foremost web related vulnerabilities reported by Open Web Application Security Project (OWASP). The attackers take advantage of the vulnerabilities in the code of the web applications and engage in activities such as data breach, cookies stealing and password theft which results in severe consequences. The major cause for these glitches is that the scripts allow the user input without scanning for pernicious contents. Several security measures on server-side also available, but they are not applied in large scale, because of the deployment difficulty. On the Client-side, usage of security software worsens the client system’s performance which in turn reduces the web surfing experience of the user. A new tool called XProber has been presented for verifying the string manipulating programs automatically. The pre and post conditions of common string functions using Push Down Automata (PDA) are computed and used to identify the presence of vulnerabilities. This approach is capable of finding hefty amount of pernicious attacks in web application and prevents the attacks.

【 授权许可】

Unknown   

【 预 览 】

附件列表

Files	Size	Format	View
RO201911300380384ZK.pdf	202KB	PDF	download