An automatic meta-revised mechanism for anti-malicious injection
NBiS'07 Proceedings of the 1st international conference on Network-based information systems
An empirical investigation into open source web applications' implementation vulnerabilities
Empirical Software Engineering
Practical elimination of external interaction vulnerabilities in web applications
Journal of Web Engineering
Many web application security vulnerabilities result from generic input validation problems. Examples of such vulnerabilities are SQL injection and Cross-Site Scripting (XSS). Some sites attempt to protect themselves by filtering malicious input, but a surprising number of web applications have used no mechanism to validate input. We have developed an advanced tool that can produce a proper input validation function depending on the database server and the application framework. The tool can automatically insert the proper input validation function into the server-side program to eliminate vulnerabilities based on malicious injection. To verify the efficiency of the tool, we selected websites built from example programs included in books or created by web generator tools. In our experiments, validation functions were automatically inserted into these websites to prevent malicious injection attacks.