
Research of Detecting Web Application Vulnerability (網站應用程式弱點偵測之分析研究)

Advisor: 莊振村
Co-advisor: 郭文中

Abstract


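In an era of rapid development in digital data processing and network communication technology, many people use web pages to convey information. If a programmer's oversight introduces vulnerabilities into a web application, the website may suffer serious losses as a result. To secure web applications, administrators mostly rely on detection tools, but such tools often take too long to run and are inconvenient to operate, which leads to false positives; both problems keep users from patching web application vulnerabilities quickly and effectively. This thesis aims to detect whether a web application contains vulnerabilities and to do so using distributed processing, so that vulnerabilities are found quickly and effectively, programmers are assisted in fixing them, and unnecessary losses are reduced.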

Parallel Abstract


In the era of information explosion, websites are among the most convenient tools through which people send requests and access network services. Web applications can contain security vulnerabilities because of programmer mistakes, and these may cause serious losses. Administrators use detection tools for web application security, but such tools take a very long time to run and are often not designed with user-friendliness in mind, so users cannot improve their web applications effectively. In this thesis, we focus on the detection of web application vulnerabilities and propose a detection mechanism based on distributed processing. Our analysis shows that this makes the detection of web application vulnerabilities faster and more effective and helps programmers fix the vulnerabilities.
