Research and Implementation of Web Application System Vulnerability Location Technology

Zheng, Lei; Yuan, Hui; Peng, Xiangli; Zhu, Guowei; Guo, You Guang; Deng, Guoru

doi:10.1007/978-3-030-15235-2_125

Cited by 3 publications

(2 citation statements)

References 7 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…However, due to the limited dataset that can be crawled, the attack types detected by this method are relatively few. Zheng et al proposes a novel vulnerability location technology, which can intercept injected statements according to vulnerability types [20]. However, the focus of this paper is vulnerability detection rather than SQL injection attack detection.…”

Section: Related Workmentioning

confidence: 99%

A SQL Injection Detection Method Based on Adaptive Deep Forest

Wang

et al. 2019

IEEE Access

View full text Add to dashboard Cite

Injection attack is the first of the top 10 security threats announced by the OWASP. Meanwhile, SQL injection is one of the most important types among the injection attacks. Because of its various types and fast variations, SQL injection can cause great harm to the network, resulting in data leakage and website paralysis. Due to the heterogeneity of attack load, the diversity of attack methods and the variety of attack modes, SQL injection detection is still a challenging problem. How to defense SQL injection attack effectively becomes the focus and frontier of web security nowadays. Therefore, this paper proposes an adaptive deep forest-based method to detect the complex SQL injection attacks. Firstly, the structure of deep forest is optimized in our paper, the input of each layer is concatenated by the raw feature vector and average of previous outputs. Experiments show that our proposed method effectively solves the problem that the original features of deep forests are degraded with the increasing number of layers. Then, we introduce an AdaBoost algorithm based deep forest model which utilizes error rate to update the weights of features on each layer. That is, in the process of training, different features are assigned with different weights based on their influence on the result. Our model can automatically adjust the structure of the tree model and deal with multi-dimensional fine-grained features to avoid over-fitting problem effectively. The experimental results show that the proposed method has a better performance than classical machine learning methods and deep learning methods.INDEX TERMS SQL injection detection, adaptive deep forest, Web security, AdaBoost.

show abstract

Section: Related Workmentioning

confidence: 99%

A SQL Injection Detection Method Based on Adaptive Deep Forest

Wang

et al. 2019

IEEE Access

View full text Add to dashboard Cite

show abstract

“…The web services are the implementation technology of SOA, and these web services can be accessed over the web using standard Internet protocols such as HTTP (HyperText Transfer Protocol) and HTTPS (Hypertext Transfer Protocol Secure). The security for service oriented architecture is defaulted to transport and network layer security, which is inadequate and obsolete for this current trend of web and communication technologies (Kulesza et al, 2018); (Sfar et al, 2018); (Zheng et al, 2019); (Rudman & Bruwer, 2016); (Newman et al, 2016); (Sirohi et al, 2016). The vendor products are still evolving; however, many products breach the security standards for customization or demand to use as the whole product end-to-end, or both.…”

Section: Introductionmentioning

confidence: 99%

An adaptive authentication and authorization model for service oriented enterprise computing

Ibrahim¹,

Mohamed²,

Hassan

2021

KJS publishes peer-review articles in Mathematics, Computer Sci

View full text Add to dashboard Cite

Service oriented enterprise computing is an integration architectural style aimed to expose and consume coarse grained and fine grained modularization of business functionalities as services that are being deployed in the loosely coupled organizational environment. The web service is the implementation technology of service oriented architecture (SOA) where it is built on the existing networking and web interfacing standards as it has to use the web as a medium of communication and does not have any specialized in-built layer for security. The majority of the vendor security products in the market need specialized hardware/software components, eventually, they break the standards and principles of service oriented architecture. The traditional way of problem solving is not effective for developing security solutions for service oriented computing, as its boundaries keep expanding beyond a single organiza-tional environment due to the advent of communication and business technologies such as the Internet of Things (IoT), hyper-personalization, and edge computing. Hence, it is a mandatory entity in this digital age of enterprise computing to have a specialized authentication and authorization solution exclusively for addressing the existing security gaps in SOA in an adaptive way forward approach. In this paper, the security gaps in the existing Identity and Access Management (IDAM) solutions for service oriented enterprise computing are analyzed, and a novel intelligent security engine which is packed with extended authentication and authorization solution model for service consumption is presented. The authentication and authorization security requirements are considered as cross cutting concerns of SOA implementation and the solution is constructed as Aspect-Oriented Programming (AOP) advices, which enables the solution can be attached as a ‘plug & play’ component without changing the underlying source code of the service implementation. For Proof-of-Concept (PoC), the proposed authentication and authorization security model is tested in a large scale service oriented enterprise computing environment and the results have been analyzed statistically. It is evident from the results that the proposed security model addresses security issues comparatively better than existing security solutions.

show abstract

Vuln-Check: A Static Analyzer Framework for Security Parameters in Web

Jyothi

Lakshmy

2021

Advances in Intelligent Systems and Computing

View full text Add to dashboard Cite

Research and Implementation of Web Application System Vulnerability Location Technology

Cited by 3 publications

References 7 publications

A SQL Injection Detection Method Based on Adaptive Deep Forest

A SQL Injection Detection Method Based on Adaptive Deep Forest

An adaptive authentication and authorization model for service oriented enterprise computing

Vuln-Check: A Static Analyzer Framework for Security Parameters in Web

Contact Info

Product

Resources

About