A Web Application Runtime Application Self-protection Scheme against Script Injection Attacks

Cited by: 4
Authors
Yin, Zhongxu [1 ]
Li, Zhufeng [2 ]
Cao, Yan [1 ]
Affiliations
[1] State Key Lab Math Engn & Adv Comp, Zhengzhou 450001, Henan, Peoples R China
[2] Zhengzhou Informat Sci & Technol Inst, Zhengzhou 450002, Henan, Peoples R China
Source
Funding
National Natural Science Foundation of China;
Keywords
Script injection; Program analyzing; Dataflow analyzing; Runtime application self-protection;
DOI
10.1007/978-3-030-00009-7_51
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202 ;
Abstract
Script injection vulnerabilities are popular vulnerabilities in dynamic web applications. Necessary conditions were analyzed for the generation and exploitation of script injection vulnerabilities to provide protection against different injection types. Combined with the analysis of the host language and the object language, the statements were located with their types in the HTML statements. Based on the control flow graph, the data dependency relation subgraph containing source points and sink points was built. A filter insertion algorithm is designed for this sub-graph to define different input data type filtering strategies. Then a solution was implemented based on data flow analysis and automatic insertion of filters before relevant sink statements.
Pages: 566 - 577
Page count: 12