DECLARATION
ABSTRACT
ABSTRACT (in Chinese)
TABLE OF CONTENTS
LIST OF FIGURES
LIST OF TABLES
CHAPTER 1: INTRODUCTION
1.1 Background
1.2 Motivation
1.3 Problem Statement
1.4 Definition of frequently used terminologies in this Thesis
1.5 Organization
1.6 Contributions
1.7 Summary
CHAPTER 2: LITERATURE REVIEW
2.1 Web Application Attacks demystification
2.1.1 Structured Query Language (SQL) Injection
2.1.2 SQL Injection Attack Vectors
2.1.3 Incorrectly Filtered Escape Characters
2.1.4 Incorrect type handling
2.1.5 Blind SQL injection
2.1.6 Conditional responses
2.1.7 Second order SQL injection
2.1.8 Query Parameterization (Prepared Statements)
2.1.9 Escaping Parameters Using Special Functions
2.1.10 SQL Injection Vulnerability Technical Hitches
2.1.11 Recommended Preventive Measures for SQL Injection Attacks
2.1.12 Prevention of SQL Injection Attacks in PHP
2.2 Cross Site Request Forgery (CSRF/XSRF)
2.2.1 Cross Site Request Forgery Attack Analysis and Prevention Techniques
2.2.2 The Most-Neglected Fact about Cross Site Request Forgery (CSRF) Vulnerabilities
2.2.3 Finding and Remediating XSRF Vulnerabilities
2.2.4 Cross Site Request Forgery Protection Mechanisms
2.3 Cross Site Scripting (XSS) Attack
2.3.1 The Behavioral Approach to the Cross-site Scripting (XSS) Attack Mechanism
2.3.2 The Use of JavaScript by an Attacker in a Cross Site Scripting (XSS) Attack
2.3.3 Actors in a Cross Site Scripting (XSS) Attack
2.3.4 The Anatomy of a Cross-site Scripting (XSS) Attack
2.3.5 The Types of Cross Site Scripting (XSS) Attack
2.3.6 Enabling Factors for Exploitation
2.3.7 Some Essential Examples of Cross-site Scripting Attack Vectors
2.3.8 The Prevention Mechanism
CHAPTER 3: RESEARCH METHODOLOGY
3.1 Related studies
3.2 Research Design and Data requirements
3.2.1 Research Design
3.2.2 Data Requirements
3.3 The Combined Techniques Used for Web Vulnerability Scanner Evaluation
3.4 The Web Application Vulnerability Scanners
3.4.1 The Web Application Scanners in Academia
3.4.2 The Free/Open-Source Web Application Scanners Used
3.4.3 Commercial Web Application Scanner
3.5 The Design of the Web Applications for Testing
3.6 Overview and Features of the Vulnerable Web Application
3.7 Vulnerabilities Implemented in the Web Applications Developed
3.8 Input Vectors
3.9 Qualitative Comparison of the Scanners' Detection Capabilities
3.10 Strategy of the Scanners in Identifying Vulnerabilities
CHAPTER 4: PERFORMANCE RESULTS AND ANALYSIS
4.1 Evaluation Method Used
4.1.1 Web Application Technologies Used
4.1.2 The Controlled Environment
4.1.3 Black Box and White Box Analysis
4.1.4 Vulnerability Scanner Testing Approach
4.1.5 Implementation
4.1.6 The Classification of the Implemented Vulnerabilities
4.1.7 Analysis of the Scanner Results
4.1.8 Limitations of Performance
4.2 The Finalization of the Results
4.2.1 Test Techniques
4.2.2 Technical Observations
4.2.3 The Personalized Web Application Test Bed Prototype
4.2.4 SQL Injection
4.2.5 XSS Injection
4.2.6 The Test Results Pictographic Repositories
4.2.7 Other Findings
CHAPTER 5: CONCLUSION AND FUTURE WORK
5.1 CONCLUSION
5.2 Future Work
REFERENCES
ACKNOWLEDGEMENTS
ABBREVIATIONS
APPENDIX