Vulnerability Detection Behind Web Applications

R. Manojkumar, V. Cyril Raj

Abstract


This paper proposes techniques to detect vulnerabilities by performing a scanning process over all websites and web applications. Revealing vulnerabilities in ASP.NET websites/applications is a complex process, where most of the code is anonymous and there are no citations to determine the purpose of the code. ASP.NET, which is part of the .NET Framework, separates the HTML code from the programming code in two files: one (aspx) file for the HTML code and another for the programming code, depending on the compiled language (Visual Basic, C#, JavaScript). Since VB and C# are the most common languages in use around the world with ASP.NET files, we have adopted these two compiled languages, in addition to aspx files, in the construction of our proposed algorithm. Therefore, the scanning process inspects at least those three types of files: aspx, VB and C#.

Keywords


Vulnerability, Web App, .NET Framework, Exploit, Assessment

Creative Commons License
This work is licensed under a Creative Commons Attribution 3.0 License.