2018
DOI: 10.1007/978-3-662-58611-2_5
|View full text |Cite
|
Sign up to set email alerts
|

GuruWS: A Hybrid Platform for Detecting Malicious Web Shells and Web Application Vulnerabilities

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
2
1

Citation Types

0
6
0

Year Published

2020
2020
2023
2023

Publication Types

Select...
4
3
1

Relationship

0
8

Authors

Journals

citations
Cited by 10 publications
(6 citation statements)
references
References 9 publications
0
6
0
Order By: Relevance
“…In particular, MJDetector can distinguish JavaScipt assaults in current website pages with high precision 94.76% and de-jumble muddle code of explicit sorts with exactness 100% though the gauge strategy can just identify with exactness 81.16% and has no limit of deobscurity. The recent study proposes Le et al [96] E-THAPS which actualizes a novel discovery component, an improved SQL infusion, Cross-site Scripting, and helplessness identification capacities. For vindictive web shell identification, pollute examination, and example coordinating techniques are picked to be actualized in GuruWS.…”
Section: ) Discussionmentioning
confidence: 99%
See 1 more Smart Citation
“…In particular, MJDetector can distinguish JavaScipt assaults in current website pages with high precision 94.76% and de-jumble muddle code of explicit sorts with exactness 100% though the gauge strategy can just identify with exactness 81.16% and has no limit of deobscurity. The recent study proposes Le et al [96] E-THAPS which actualizes a novel discovery component, an improved SQL infusion, Cross-site Scripting, and helplessness identification capacities. For vindictive web shell identification, pollute examination, and example coordinating techniques are picked to be actualized in GuruWS.…”
Section: ) Discussionmentioning
confidence: 99%
“…The challenge with hybrid analysis is that DAST relies on data being reflected in the browser, so if a SAST data flow is not reflected in the browser as a DAST issue. From the existing study, Le et al [96] and Stock et al [94] are useful approaches in hybrid Analysis. The methods of hybrid analysis are summarized year-wise shows in Fig.…”
Section: ) Discussionmentioning
confidence: 99%
“…-This methodology in comparison to other proposals how [70][71][72][73][74], differs in the first place in that the necessary criteria that allow taking advantage of the coverage of static and dynamic analyzes as a whole are not defined, but rather, they use each One of these approaches separately, also do not establish a clear way of how to discern the results produced by tools, which generate many false positives. They also do not use the criteria for checking results manually.…”
Section: Rq5 How This Methodology Differs From Other Methodologies Th...mentioning
confidence: 99%
“…The method designed in [73] establishes the penetration testing mechanism (PenTesting). The work implemented in [74] designs an injection tool for SQLi and XSS, however its degree of coverage is very limited. The method designed in [72] uses analysis tools based on the Kali Linux Operating System.…”
Section: Rq5 How This Methodology Differs From Other Methodologies Th...mentioning
confidence: 99%
“…Le et al [47,48] combined taint analysis and pattern matching to detect webshells. Taint analysis is performed to divide the code into tokens during the lexical analysis phase.…”
Section: Static Methodsmentioning
confidence: 99%