Skip to main content
SpringerLink
Log in

An Automatic Meta-revised Mechanism for Anti-malicious Injection

  • Conference paper
Network-Based Information Systems (NBiS 2007)

Part of the book series: Lecture Notes in Computer Science ((LNISA,volume 4658))

Included in the following conference series:

Abstract

“Invalidated Input” is Top One Critical Web Application Security Vulnerabilities according to have been released by Open Web Applications Security Project (OWASP) on July 14, 2004. Many web application security vulnerabilities result from generic input validation problems. Some sites attempt to protect themselves by filtering malicious input, but it may not be viable to modify the source of such components. We have tried to develop an automatic defense mechanism that can produce a proper input validation function on security gateway to filter malicious injection. To verify the efficiency of the tool, we picked the websites made up of some Web applications often contain third-party vulnerable components which was shipped in binary form. Among our experiments, the defense mechanism can automatically organize validation functions to avoid malicious injection attack. abstract environment.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 39.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 54.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. Open Web Application Security Project. The ten most critical Web application security vulnerabilities (2004) (visit on 2005/10/05), http://umn.dl.sourceforge.net/sourceforge/owasp/OWASPTopTen2004.pdf

  2. Lin, J.-C., Chen, J.-M.: An Automatic Revised Tool for Anti-malicious Injection. In: Proceedings of The Sixth IEEE International Conference on Computer and Information Technology (CIT 2006), IEEE, Los Alamitos (2006)

    Google Scholar 

  3. Scott, D., Sharp, R.: Abstracting Application-Level Web Security. In: The 11th International Conference on the World Wide Web (Honolulu, Hawaii, May 2002), pp. 396–407 (2002)

    Google Scholar 

  4. Huang, Y.W., Huang, S.K., Lin, T.P., Tsai, C.H.: Securing Web application code by static analysis and runtime protection. In: Proceedings of the 13th International World Wide Web Conference, New York (May 17-22, 2004)

    Google Scholar 

  5. Huang, Y.W., Yu, F., Hang, C., Tsai, C.H., Lee, D.T., Kuo, S.Y.: Verifying Web applications using bounded model checking. In: Proceedings of the 2004 International Conference Dependable Systems and Networks (DSN 2004), Florence, Italy (June 28-July 1, 2004)

    Google Scholar 

  6. Huang, Y.W., Huang, S.K., Lin, T.P., Tsai, C.H.: Web Application Security Assessment by Fault Injection and Behavior Monitoring. In: Proc. 12th Int’l. World Wide Web Conference, pp.148–159, Budapest, Hungary (2003)

    Google Scholar 

  7. OWASP. WebScarab Project (visit on 2005/10/08), http://www.owasp.org/webscarab/

  8. SPI Dynamics. Web Application Security Assessment. SPI Dynamics Whitepaper (2003)

    Google Scholar 

  9. KaVaDo. Application-Layer Security: InterDo 3.0. KaVaDo Whitepaper (2003), Available from http://www.kavado.com/

  10. Sanctum Inc. AppShield. white paper (March 2003), Available from http://www.sanctuminc.com/

  11. Dharmapurikar, S., Krishnamurthy, P., Sproull, T., Lockwood, J.: Deep Packet Inspection Using Parallel Bloom Filters. In: Proc. 11th Symp. High Performance Interconnects (HOTI 2003), Stanford, California, pp. 44–51 (2003)

    Google Scholar 

  12. SPI Labs, Hybrid Analysis- An Approach to Testing Web Application Security (visit on 2006/3/05), Available from: http://www.spidynamics.com/assets/documents/hybrid_analysis.pdf

  13. Chen, D.-J., Hwang, C.-C., Huang, S.-K., Chen, D.T.: A Testing Framework for Web Application Security Assessment. Journal of Computer Networks 48(5), 739–761 (2005)

    Article  Google Scholar 

Download references

Author information

Authors and Affiliations

  1. The Dept. of Computer Sci & Eng, Tatung University, Taipei 10451, Taiwan

    Jin-Cherng Lin & Jan-Min Chen

  2. The Dept. of Information Management, Yu Da College of Business Miaoli 36143, Taiwan

    Jan-Min Chen

  3. Chung-shan Institute of Science and Technology, Taiwan

    Hsing-Kuo Wong

Authors
  1. Jin-Cherng Lin
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Jan-Min Chen
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Hsing-Kuo Wong
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Tomoya Enokido Leonard Barolli Makoto Takizawa

Rights and permissions

Reprints and permissions

Copyright information

© 2007 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lin, JC., Chen, JM., Wong, HK. (2007). An Automatic Meta-revised Mechanism for Anti-malicious Injection. In: Enokido, T., Barolli, L., Takizawa, M. (eds) Network-Based Information Systems. NBiS 2007. Lecture Notes in Computer Science, vol 4658. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-540-74573-0_11

Download citation

  • DOI: https://doi.org/10.1007/978-3-540-74573-0_11

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-74572-3

  • Online ISBN: 978-3-540-74573-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation