The Accuracy Sanitizing Methods Based on Injection Point


Bibliographic Details
Main Authors: Tien-wei Lin, 林典蔚
Other Authors: Jin-cherng Lin
Format: Others
Language: zh-TW
Published: 2009
Online Access: http://ndltd.ncl.edu.tw/handle/04261143330693282182
id ndltd-TW-097TTU05392038
record_format oai_dc
spelling ndltd-TW-097TTU05392038 2016-05-02T04:11:11Z http://ndltd.ncl.edu.tw/handle/04261143330693282182 The Accuracy Sanitizing Methods Based on Injection Point 基於資料注入點的準確過濾方法 Tien-wei Lin 林典蔚 Master's, Tatung University, Department of Computer Science and Engineering, 97 Jin-cherng Lin 林金城 2009 thesis 41 zh-TW
collection NDLTD
sources NDLTD
description Master's === Tatung University === Department of Computer Science and Engineering === 97 === Many programs are poorly written, lacking even the most basic security procedures for handling input data from users. Input validation vulnerabilities can be detected by many tools, but few tools can fix the flaws automatically. A security gateway can be used to protect vulnerable Web sites immediately, but it may induce false recognition through impersonal rules. By means of hybrid analysis and injection testing, the Web pages that have vulnerabilities can be listed. Only those in the vulnerable list need to be checked completely, which effectively mitigates the system load and false positives. Moreover, an algorithm based on a multilevel strategy is proposed that automatically produces an individual sanitizing rule for every vulnerable injection point. To meet the aim of automated validation, the hybrid analyzer, the testing framework and the meta-programs are integrated into a sanitizing mechanism after we analyze the data flow. According to the experimental results, the mechanism has proved to be more effective than traditional input handling methods for mitigating malicious injection.