A New Feature to Secure Web Applications

摘要

Web application security is one of essential components of any web-based systems. As becoming popular of the Internet makes many web sites be attacked by many kinds of attacks. So, we have to propose a secure framework for web applications. For this reason, we have to propose a web application framework which not only analyzes the source code implemented by web developers, also it can detects the vulnerabilities in the source code dynamically. Although a lot of research works have already proposed detection methods of vulnerabilities in web application attacks, but those are not fully detected because their methods do not use the information of the web applications. Therefore, we propose a new method which analyzes the source code of a web application, and then modifies it if needed, in addition, our method has a detection method of an application’s vulnerabilities that are difficult to detect by previous methods. According to our implementation and experiments, it is possible to detect actual attacks, which have been considered difficult to detect, against authentication leaks and SQL injection attacks using dynamic queries.