Testing and Debugging Web Applications: An End-User Perspective

Phalgune, A.

doi:10.1109/vlhcc.2004.54

Cited by 2 publications

(1 citation statement)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In other words, dynamic analysis relies on simulating user interactions with web pages, including interactions designed with potentially malicious intent. Because dynamic analysis uses a real website to find vulnerabilities in real time, found vulnerabilities are much more likely to be real than with static analysis, which has problems with detecting false positives [ 18 , 19 ]. Black box testing determines whether a web application has a vulnerability by inputting testing data to the application and analyzing its response [ 9 ], as opposed to white box testing which focuses on source code parsing and analysis.…”

Section: Algorithm Principlementioning

confidence: 99%

Vulnerability Assessment of IPv6 Websites to SQL Injection and Other Application Level Attacks

Cho

Pan

2013

The Scientific World Journal

View full text Add to dashboard Cite

Given the proliferation of internet connected devices, IPv6 has been proposed to replace IPv4. Aside from providing a larger address space which can be assigned to internet enabled devices, it has been suggested that the IPv6 protocol offers increased security due to the fact that with the large number of addresses available, standard IP scanning attacks will no longer become feasible. However, given the interest in attacking organizations rather than individual devices, most initial points of entry onto an organization's network and their attendant devices are visible and reachable through web crawling techniques, and, therefore, attacks on the visible application layer may offer ways to compromise the overall network. In this evaluation, we provide a straightforward implementation of a web crawler in conjunction with a benign black box penetration testing system and analyze the ease at which SQL injection attacks can be carried out.

show abstract

Section: Algorithm Principlementioning

confidence: 99%

Vulnerability Assessment of IPv6 Websites to SQL Injection and Other Application Level Attacks

Cho

Pan

2013

The Scientific World Journal

View full text Add to dashboard Cite

show abstract

Implementation and analysis of website security mining system, applied to universities' academic networks

Cho

2015

Teh. vjesn.

View full text Add to dashboard Cite

Original scientific paper It is becoming increasingly common for web application and data storage services to be handled by cloud computing; therefore, more and more people are putting their private information on the internet, motivating research into cloud computing, database security and authority encryption. In the Open Web Application Security Project (OWASP) assessment, SQL injection is one of the most dangerous attack vectors in internet security. With this in mind, we have implemented a system named the website security mining system, which leverages a web crawling algorithm to analyze web URL and e-mail address leaks through black-box testing of 20 well-known universities' websites. Based on our data, academic website maintainers can be clearly informed about what kind of danger they are exposed to, which URLs are highly in danger, and the need to patch the website to protect against vulnerabilities and prevent academic resources from attacks. We hope that in the future, academic networks will gain more attention in the information security community, just like commercial and government networks today. Keywords: academic networks; black-box testing; database security; search engine; SQL injectionUvođenje i analiza sustava za probijanje sigurnosti web mjesta s primjenom na sveučilišne akademske mreže Izvorni znanstveni članak Sve je uobičajenije za web aplikacije i poslužitelje za pohranu podataka rukovanje putem programskog rješenja u oblaku; stoga je sve veći broj ljudi koji svoje privatne podatke stavljaju na internet, motivirajući istraživanje mogućnosti programskog rješenja u oblaku, sigurnosti baza podataka i kodiranih nadležnosti. U procjeni Open Web Application Security Project (OWASP)-a, ubacivanje SQL-a jedan je od najopasnijih napadnih vektora na sigurnost interneta. Imajući to u vidu, uveli smo sustav nazvan sustav za probijanje sigurnosti web mjesta, koji pokreće algoritam za pretraživanje weba kako bi analizirao propuste na zaštiti URL-a i adresa e-pošte ispitivanjem crnih kutija web mjesta 20 poznatih sveučilišta. Na temelju naših podataka, održavatelji akademskih web mjesta mogu saznati kakvoj su opasnosti izloženi, kojim URL-ovima prijeti veća opasnost i što učiniti kako bi uredili web stranicu za zaštitu od ranjivosti i sprijećili napade na akademske resurse. Nadamo se da će se u budućnosti veća pažnja posvetiti sigurnosti informacija na akademskim mrežama, kako se to danas čini s komercijalnim i vladinim mrežama. Ključne

show abstract

Testing and Debugging Web Applications: An End-User Perspective

Cited by 2 publications

References 10 publications

Vulnerability Assessment of IPv6 Websites to SQL Injection and Other Application Level Attacks

Vulnerability Assessment of IPv6 Websites to SQL Injection and Other Application Level Attacks

Implementation and analysis of website security mining system, applied to universities' academic networks

Contact Info

Product

Resources

About