An efficient algorithm and tool for detecting dangerous website vulnerabilities

Hoang Viet Long; Tong Anh Tuan; David Taniar; Nguyen van Can; Hoang Minh Hue; Nguyen Thi Kim Son

doi:10.1504/IJWGS.2020.106128

An efficient algorithm and tool for detecting dangerous website vulnerabilities

Hoang Viet Long, Tong Anh Tuan, David Taniar, Nguyen van Can, Hoang Minh Hue, Nguyen Thi Kim Son

Department of Software Systems & Cybersecurity

Research output: Contribution to journal › Article › Research › peer-review

8 Citations (Scopus)

Abstract

Web applications are progressively developing and applied in most aspects of life. However, there exist a variety of dangerous website security vulnerabilities such as SQL injection and cross-site scripting. This creates the opportunity for hackers to exploit and attack websites for commercial or political purposes or fame. Some research and commercial software have been developed for scanning and detecting those vulnerabilities. In this paper, we present an efficient algorithmic study and tool to detect web security vulnerabilities. Experimental results show that the new method is capable of detecting vulnerabilities with high accuracy. Compared to popular commercial software on the market, our tool has faster performance and can detect a number of less common vulnerabilities such as shell injection, or file inclusion.

Original language	English
Pages (from-to)	81-104
Number of pages	24
Journal	International Journal of Web and Grid Services
Volume	16
Issue number	1
DOIs	https://doi.org/10.1504/IJWGS.2020.106128
Publication status	Published - 2020

Keywords

Cross-site scripting
Detection algorithm
SQL injection
Web security vulnerabilities

Access to Document

10.1504/IJWGS.2020.106128

342865697-oaFinal published version, 574 KB

Cite this

@article{2f6f6131a27d4009bb82ab0ec870a74c,

title = "An efficient algorithm and tool for detecting dangerous website vulnerabilities",

abstract = "Web applications are progressively developing and applied in most aspects of life. However, there exist a variety of dangerous website security vulnerabilities such as SQL injection and cross-site scripting. This creates the opportunity for hackers to exploit and attack websites for commercial or political purposes or fame. Some research and commercial software have been developed for scanning and detecting those vulnerabilities. In this paper, we present an efficient algorithmic study and tool to detect web security vulnerabilities. Experimental results show that the new method is capable of detecting vulnerabilities with high accuracy. Compared to popular commercial software on the market, our tool has faster performance and can detect a number of less common vulnerabilities such as shell injection, or file inclusion.",

keywords = "Cross-site scripting, Detection algorithm, SQL injection, Web security vulnerabilities",

author = "Long, {Hoang Viet} and Tuan, {Tong Anh} and David Taniar and {van Can}, Nguyen and Hue, {Hoang Minh} and Son, {Nguyen Thi Kim}",

note = "Funding Information: The authors would like to thank the Editor-in-Chief, and the anonymous referees for their helpful comments and valuable suggestions, which greatly improved this paper. We also would like to thank Doan Dac Xuan Anh for his kind support in computer programming. This work was supported by the Domestic Master/PhD Scholarship Programme of Vingroup Innovation Foundation. Publisher Copyright: Copyright {\textcopyright} 2020 Inderscience Enterprises Ltd. Copyright: Copyright 2020 Elsevier B.V., All rights reserved.",

year = "2020",

doi = "10.1504/IJWGS.2020.106128",

language = "English",

volume = "16",

pages = "81--104",

journal = "International Journal of Web and Grid Services",

issn = "1741-1106",

publisher = "Inderscience Publishers",

number = "1",

}

TY - JOUR

T1 - An efficient algorithm and tool for detecting dangerous website vulnerabilities

AU - Long, Hoang Viet

AU - Tuan, Tong Anh

AU - Taniar, David

AU - van Can, Nguyen

AU - Hue, Hoang Minh

AU - Son, Nguyen Thi Kim

N1 - Funding Information: The authors would like to thank the Editor-in-Chief, and the anonymous referees for their helpful comments and valuable suggestions, which greatly improved this paper. We also would like to thank Doan Dac Xuan Anh for his kind support in computer programming. This work was supported by the Domestic Master/PhD Scholarship Programme of Vingroup Innovation Foundation. Publisher Copyright: Copyright © 2020 Inderscience Enterprises Ltd. Copyright: Copyright 2020 Elsevier B.V., All rights reserved.

PY - 2020

Y1 - 2020

N2 - Web applications are progressively developing and applied in most aspects of life. However, there exist a variety of dangerous website security vulnerabilities such as SQL injection and cross-site scripting. This creates the opportunity for hackers to exploit and attack websites for commercial or political purposes or fame. Some research and commercial software have been developed for scanning and detecting those vulnerabilities. In this paper, we present an efficient algorithmic study and tool to detect web security vulnerabilities. Experimental results show that the new method is capable of detecting vulnerabilities with high accuracy. Compared to popular commercial software on the market, our tool has faster performance and can detect a number of less common vulnerabilities such as shell injection, or file inclusion.

AB - Web applications are progressively developing and applied in most aspects of life. However, there exist a variety of dangerous website security vulnerabilities such as SQL injection and cross-site scripting. This creates the opportunity for hackers to exploit and attack websites for commercial or political purposes or fame. Some research and commercial software have been developed for scanning and detecting those vulnerabilities. In this paper, we present an efficient algorithmic study and tool to detect web security vulnerabilities. Experimental results show that the new method is capable of detecting vulnerabilities with high accuracy. Compared to popular commercial software on the market, our tool has faster performance and can detect a number of less common vulnerabilities such as shell injection, or file inclusion.

KW - Cross-site scripting

KW - Detection algorithm

KW - SQL injection

KW - Web security vulnerabilities

UR - http://www.scopus.com/inward/record.url?scp=85082837229&partnerID=8YFLogxK

U2 - 10.1504/IJWGS.2020.106128

DO - 10.1504/IJWGS.2020.106128

M3 - Article

AN - SCOPUS:85082837229

VL - 16

SP - 81

EP - 104

JO - International Journal of Web and Grid Services

JF - International Journal of Web and Grid Services

SN - 1741-1106

IS - 1

ER -

An efficient algorithm and tool for detecting dangerous website vulnerabilities

Abstract

Keywords

Access to Document

Other files and links

Cite this