SQL Injection Vulnerability (SQLIV) has consistently been the top-ranked threat to Web security for many years. Penetration tests, which are the most widely adopted technique to detect SQLIV, are usually affected by testing inaccuracy. This problem is even worse in inference-based, blind penetration tests for online Web sites, where Web page variations (such as those caused by inbuilt dynamic modules...
The best practice to prevent Cross Site Scripting (XSS) attacks is to apply encoders to sanitize untrusted data. To balance security and functionality, encoders should be applied to match the web page context, such as HTML body, JavaScript, and style sheets. A common programming error is the use of a wrong encoder to sanitize untrusted data, leaving the application vulnerable. We present a security...
Websites typically include many forms or web elements that allow users to enter and submit data. This data will eventually be executed in the back-end databases. Users can, intentionally or unintentionally, enter improper input data that, if it reaches those back-end databases, may cause serious security or damage problems. For proper user interface design as well as for security reasons, it is important...
This paper presents a dynamic detection method based on simulating browser behavior, and designs a web crawler based on a headless browser, which can interpret the JavaScript code and retrieve Ajax content to find the hidden injection points in pages, with full consideration of the web pages containing complex scripts in the Web 2.0 environment. In implementation, this paper uses dynamic analysis in...
In recent years a lot of web applications have been released in the world. At the same time, cyber attacks against web application vulnerabilities have also increased. In such a situation, it is necessary to make web applications more secure. However, checking all web vulnerabilities by hand is very difficult and time-consuming. Therefore, we need a web application vulnerability scanner. In this work,...
In an attempt to support customization, many web applications allow the integration of third-party server-side plugins that offer diverse functionality, but also open an additional door for security vulnerabilities. In this paper we study the use of static code analysis tools to detect vulnerabilities in the plugins of the web application. The goal is twofold: 1) to study the effectiveness of static...
With the advancement in technology and availability of internet access and smart mobile systems, there has been an increasing interest in eHealth related research activities due to the attractive and important benefits that eHealth systems can offer to many. However, the security of the eHealth systems has been a great concern. In this paper, we discuss the pilot design experience and results of a...
Web applications have undergone a remarkable change in the past few years; many new technologies are reshaping the pattern of Web applications. Since many manufacturers promote HTML5 technology, more and more websites are gradually adopting HTML5. The new technology provides users with a variety of Internet applications, but introduces new security problems at the same time. Currently, most Web application...
Web applications have become a very popular means of developing software. This is because of the many advantages of web applications, like no need for installation on each client machine, centralized data, reduction in business cost, etc. With the increase in this trend, web applications are becoming vulnerable to attacks. Cross-site scripting (XSS) is the major threat for web applications, as it is the most...
This paper describes the main contents and major types of current Web security testing, introduces several aspects in which programmers are fallible, and presents some cases of Web security testing problems. Finally, this paper gives the security testing tools and the corresponding Web security testing strategies, hoping to improve the efficiency of Web security testing to further improve...
Security is a crucial concern, especially for those applications, like web-based programs, that are constantly exposed to potentially malicious environments. Security testing aims at verifying the presence of security-related defects. Security tests consist of two major parts: input values to run the application, and the decision whether the actual output matches the expected output; the latter is known...
Over the last fifteen years, Web applications have evolved from the early simple and hyper-text based ones into the more complex, interactive, usable and adaptive applications of the new generations. New paradigms, architectures, and technologies for developing Web-based systems continuously emerge and transform this specific context. At the same time, new techniques and tools for effectively testing...
The increased volume of transaction and communication over the World Wide Web in industries like banking, insurance, healthcare, travel and many others has triggered a number of unprecedented security issues. Most web applications today are susceptible to attacks ranging from unauthorized access, movement, alteration or deletion of files, virus attacks, and thefts of data. The use of perimeter defenses...
Crawling is a necessary step for testing web applications for security. An important concept that impacts the efficiency of crawling is state equivalence. This paper proposes two techniques to improve any state equivalence mechanism. The first technique detects parts of the pages that are unimportant for crawling. The second technique helps identify session parameters. We also present a summary...
At present, the complexity of input and unverified assumptions about other components of rich web applications is a problem requiring much more attention. Most client-side applications are designed without full consideration of input validation. These issues can cause a new class of web threats. To deal with the security issues above, we classify and highlight a new class of vulnerabilities...
Nowadays, with the prevalence of Web applications, more and more services and information are available over the Internet, while their correctness, security and reliability are often crucial to the success of businesses and organizations. Web testing is one of the methods to ensure Web security. However, due to the special characteristics of Web applications, traditional testing methods are not suitable...
More and more web applications suffer from the presence of cross-site scripting vulnerabilities that could be exploited by attackers to access sensitive information (such as credentials or credit card numbers). Hence proper tests are required to assess the security of web applications. In this paper, we resort to a search-based approach for security testing web applications. We take advantage of static...
With the rapid development of the Information Technology and communication technology, considerable progress has also been made in the development of education information. Owing to the cumbersome and inefficient work of traditional English exam, in order to reduce English teachers' workload, improve their efficiency and optimize examination process, this paper designs and develops an online English...
This paper offers a fresh perspective on the aspect of application security, highlighting a sample attack that is not currently being protected against. It presents a case study that discusses identifying poor coding practices that render Web applications vulnerable to attacks such as remote command execution. Given the increased focus on the need for application security, it is now to be hoped that...
Considering the design of inclusive interfaces of static and dynamic Web pages, this work focuses on the group of users with cognitive/intellectual disabilities, while simultaneously accounting for the needs of users with mobility and sensory deficits. A number of specific universal design principles are derived from a variety of cognitive disabilities, such as problems with linguistics (text and...