Research on Strong-association Rule Based Web Application Vulnerability Detection
With the growth of web applications in the information society, web application security has become more and more important. Recent investigations show that web application vulnerabilities have become the largest security threat. A Websense security report shows that in the first half of 2008 more than 75% of the most popular web sites were used by hackers to run malicious code. Detecting and resolving vulnerabilities is an effective way to enhance web security. In this paper we focus on regression testing in web vulnerability detection and present a strong-association rule based algorithm to make detection more efficient. In the first step, we traverse the whole web site to obtain the collection of web pages. Then, in the regression test, we build associations between the pages and expand the pages into a collection set, which is used in the subsequent iterative traversal. We define a relational grade to describe the association. Finally, we run an experiment on our target web site, which contains known vulnerabilities such as XSS and SQL injection; the results show that the algorithm can detect almost all the pages in the target web site that may contain vulnerabilities.
Web security testing; Web vulnerability; Strong association rule
TIAN He, XU Jing, LIAN Kunmei, ZHANG Ying
Institute of Machine Intelligence, Nankai University, Tianjin, China, 300071
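International conference
Beijing
English
898-902
2009-08-08 (date first posted online on the Wanfang platform; does not represent the paper's publication date)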