Title
An Automatic Mechanism for Sanitizing Malicious Injection
Abstract
According to the OWASP Top 10 2007, the first five critical Web application security vulnerabilities are caused by unchecked input [1]. Unvalidated input may allow an attacker to inject code that bypasses or modifies the originally intended functionality of the program in order to gain information, escalate privileges or obtain unauthorized access to a system. Examples of such vulnerabilities are SQL injection, shell injection and cross-site scripting (XSS). Proper input validation is an effective countermeasure against input attacks, but it may produce false negatives or false positives. We develop a defense system consisting of a testing framework and a sanitizing mechanism on a security gateway. The security gateway is placed in front of the application server to mitigate malicious injection. To verify the effectiveness of the sanitizing mechanism, we focus on whether the filter rules achieve a better detection rate when sanitizing input data. In our experiments, different fields can be automatically assigned appropriate validation rules composed of several sub-rules. By means of this mechanism we reduce the false rate and show that the hybrid method is better than any traditional input handling.
Year: 2008
DOI: 10.1109/ICYCS.2008.182
Venue: ICYCS
Keywords: false rate, unchecked input, input data, automatic mechanism, security gateway, sanitizing mechanism, traditional input handling, proper input validation, input attack, sanitizing malicious injection, sql injection, critical web application security, security, false positive, input validation, testing, encoding, application server, logic gates, web application security, filtering, cross site scripting, servers
Field: Data validation, Validation rule, Computer security, Computer science, Privilege escalation, Server, Computer network, Web application security, Cross-site scripting, SQL injection, Application server
DocType: Conference
Citations: 0
PageRank: 0.34
References: 3
Authors (3)
Name              Order  Citations  PageRank
Jin-Cherng Lin    1      136        16.88
Jan-Min Chen      2      31         4.79
Cheng-hsiung Liu  3      26         4.08