IFIP International Conference on Network and Parallel Computing

NPC 2012: Network and Parallel Computing pp 138–144Cite as

Detection and Mitigation of Web Application Vulnerabilities Based on Security Testing

Taeseung Lee, Giyoun Won, Seongje Cho, Namje Park and Dongho Won

Conference paper. Part of the Lecture Notes in Computer Science book series (LNTCS, volume 7513)

Abstract

The paper proposes a security testing technique that detects known vulnerabilities of web applications using both static and dynamic analysis. We also present a process for improving the security of web applications by mitigating many of the vulnerabilities revealed in the testing phase, and we present a new method for detecting unknown vulnerabilities by applying dynamic black-box testing based on a fuzzing technique. The fuzzing technique includes a structured fuzzing strategy that takes the input data format into account, together with misuse case generation, to achieve a higher detection rate than general fuzzing techniques.

Keywords

  • web application
  • security testing
  • vulnerability
  • security

This research was supported by the KCC (Korea Communications Commission), Korea, under the R&D program supervised by the KCA (Korea Communications Agency) (KCA-2012-12-912-06-003).



Author information

Authors and Affiliations

  1. College of Information and Communication Engineering, Sungkyunkwan University, 300 Cheoncheon-dong, Jangan-gu, Suwon-si, Gyeonggi-do, 440-746, Korea

    Taeseung Lee & Dongho Won

  2. Department of Computer Science & Engineering, Dankook University, Korea

    Giyoun Won & Seongje Cho

  3. Department of Computer Education, Teachers College, Jeju National University, Jeju, Korea

    Namje Park


Editor information

Editors and Affiliations

  1. Department of Computer Science and Engineering, SeoulTech, 172 Gongreung 2-dong, Nowon-gu, 139-743, Seoul, Korea

    James J. Park

  2. School of Information Technologies, The University of Sydney, Building J12, 2006, Sydney, NSW, Australia

    Albert Zomaya

  3. Division of Computer Engineering, Mokwon University, 88 Do-An-Buk-Ro, Seo-gu, 302-729, Daejeon, Korea

    Sang-Soo Yeo

  4. Department of Computer and Information Science and Engineering, University of Florida, CSE 301, 32611, Gainesville, FL, USA

    Sartaj Sahni


Copyright information

© 2012 IFIP International Federation for Information Processing

About this paper

Cite this paper

Lee, T., Won, G., Cho, S., Park, N., Won, D. (2012). Detection and Mitigation of Web Application Vulnerabilities Based on Security Testing. In: Park, J.J., Zomaya, A., Yeo, SS., Sahni, S. (eds) Network and Parallel Computing. NPC 2012. Lecture Notes in Computer Science, vol 7513. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-35606-3_16

  • DOI: https://doi.org/10.1007/978-3-642-35606-3_16

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-35605-6

  • Online ISBN: 978-3-642-35606-3
