Citation
Abstract
In recent times, there is an alarming increase in web application attacks, with significant cases, specifically, targeting Islamic websites. Since 2004, SQL Injection Vulnerabilities (SQLIVs) remains the most serious software security loopholes via which web applications are exploited. Fixing SQLIVs prior to deployment would provide very effective means of protection against such exploits. Ideally, SQLIVs fixing includes four main phases: SQLIVs detection, fix generation, fix application, and fix effectiveness verification. Most existing research works address different phases separately. There is no single research that addresses the four phases in a seamless integrated automation. This paper presents instances of attack on Islamic websites, and then propose framework for seamless integrated and automated SQLIVs fixing for web application, as part of an ongoing research work. The framework employs Evolutionary Programming to establish competitive co-evolution of web applications and test sets, in which fitness of evolved web applications is evaluated based on their ability to defend test attacks and pass legitimate input tests.
Download File
Full text not available from this repository.
|
Additional Metadata
| Item Type: | Conference or Workshop Item (Paper) |
|---|---|
| Divisions: | Faculty of Computer Science and Information Technology |
| DOI Number: | https://doi.org/10.1109/ICT4M.2014.7020604 |
| Publisher: | IEEE (IEEE Xplore) |
| Keywords: | Automated vulnerabilities fixing; Evolutionary programming; Islamic websites; SQL injection; Web attack |
| Depositing User: | Nursyafinaz Mohd Noh |
| Date Deposited: | 18 Jun 2015 03:07 |
| Last Modified: | 08 Jun 2016 08:33 |
| Altmetrics: | http://ieeexplore.ieee.org/stamp/stamp.jsp?tp=&arnumber=7020604 |
| URI: | http://psasir.upm.edu.my/id/eprint/38838 |
| Statistic Details: | View Download Statistic |
Actions (login required)
 |
View Item |