Automatically hardening web applications using precise tainting

Cited by: 0
Authors
Nguyen-Tuong, A [1 ]
Guarnieri, S [1 ]
Greene, D [1 ]
Shirley, J [1 ]
Evans, D [1 ]
Affiliations
[1] Univ Virginia, Dept Comp Sci, Charlottesville, VA 22904 USA
Keywords
web security; web vulnerabilities; SQL injection; PHP; cross-site scripting attacks; precise tainting; information flow;
DOI
None available
Chinese Library Classification
TP [Automation technology, computer technology];
Discipline code
0812;
Abstract
Most web applications contain security vulnerabilities. The simple and natural ways of creating a web application are prone to SQL injection attacks and cross-site scripting attacks as well as other less common vulnerabilities. In response, many tools have been developed for detecting or mitigating common web application vulnerabilities. Existing techniques either require effort from the site developer or are prone to false positives. This paper presents a fully automated approach to securely hardening web applications. It is based on precisely tracking taintedness of data and checking specifically for dangerous content only in parts of commands and output that came from untrustworthy sources. Unlike previous work in which everything that is derived from tainted input is tainted, our approach precisely tracks taintedness within data values.
Pages: 295 / 307
Page count: 13