  • Thesis

Automated Detection of SQL Injection Vulnerabilities Using Web Page Comparison and Text Sentiment Analysis

Automated Testing for SQL Injection Vulnerabilities via Web Page Comparison and Sentiment Analysis

Advisor: 陳彥錚

Abstract


With the continual emergence of new web technologies, web applications have become the prevailing way of developing client-server network applications. Looking back over the technical development of web applications and their many uses, website security remains the principal challenge for web applications: the OWASP organization, which focuses on website security, has repeatedly published its list of the top ten website security risks, and injection attacks (Injection) and Cross-Site Scripting still appear on it, so how to develop secure web applications that avoid these attacks is an important topic. To find a website's security vulnerabilities in advance, website developers usually run vulnerability testing tools, but the test results still require manual judgment. This study proposes an automated SQL injection vulnerability detection tool that reduces the need for manual judgment; the tool uses three methods, error message identification, web page content comparison, and text sentiment analysis, to judge test results automatically. The detection tool is developed with WebDriver, and 79 test cases are used to test two websites. The test results show the effectiveness of the three judgment methods, and the tool is expected to greatly reduce the manual burden of website security testing and improve the correctness of the tests.

Abstract (English)


With the development of web technologies, web-based applications have been deployed widely. Although web technologies and their applications have been adopted for years, web security is still a vital issue in developing web applications. Injection and Cross-Site Scripting are two threats often listed among the top 10 web application security risks surveyed by the OWASP foundation in past years. Web application developers usually use vulnerability testing tools to find possible flaws and fix them before deploying their web applications. However, these testing tools require a lot of manual work to confirm the potential flaws they report. In this thesis, we propose an automated testing tool for SQL injection vulnerabilities. This tool reduces the human burden of verifying test results via three verification approaches: error message identification, content comparison, and sentiment analysis. The testing tool is implemented on WebDriver, and a test of 79 test cases is conducted on two web sites. The test results demonstrate the effectiveness of the proposed verification methods. It is anticipated that the manual work in vulnerability testing can be reduced and the correctness of test results increased.

