Web Application Security: Threats, Countermeasures, and Pitfalls

Hsiu Chuan Huang; Zhi Kai Zhang; Hao Wen Cheng; Shiuhpyng Shieh

doi:10.1109/MC.2017.183

Web Application Security: Threats, Countermeasures, and Pitfalls

Hsiu Chuan Huang, Zhi Kai Zhang, Hao Wen Cheng, Shiuhpyng Shieh

Institute of Computer Science and Engineering

Research output: Contribution to specialist publication › Article

62 Scopus citations

Abstract

Penetration testing is a crucial defense against common web application security threats such as SQL injection and cross-site scripting attacks. A proposed web vulnerability scanner automatically generates test data with combinative evasion techniques, significantly expanding test coverage and revealing more vulnerabilities.

Original language	English
Pages	81-85
Number of pages	5
Volume	50
No	6
Specialist publication	Computer
DOIs	https://doi.org/10.1109/MC.2017.183
State	Published - 1 Jan 2017

Keywords

combinative evasion
cross-site scripting
cybersecurity
Cybertrust
filters
firewalls
Open Web Application Security Project
OWASP
penetration testing
security
SQL injection
VulScan
web vulnerability scanner
XSS

Access to Document

10.1109/MC.2017.183

Cite this

@misc{ab8f6f338702481e97db5909cc1e9e49,

title = "Web Application Security: Threats, Countermeasures, and Pitfalls",

abstract = "Penetration testing is a crucial defense against common web application security threats such as SQL injection and cross-site scripting attacks. A proposed web vulnerability scanner automatically generates test data with combinative evasion techniques, significantly expanding test coverage and revealing more vulnerabilities.",

keywords = "combinative evasion, cross-site scripting, cybersecurity, Cybertrust, filters, firewalls, Open Web Application Security Project, OWASP, penetration testing, security, SQL injection, VulScan, web vulnerability scanner, XSS",

author = "Huang, \{Hsiu Chuan\} and Zhang, \{Zhi Kai\} and Cheng, \{Hao Wen\} and Shiuhpyng Shieh",

year = "2017",

month = jan,

day = "1",

doi = "10.1109/MC.2017.183",

language = "English",

volume = "50",

pages = "81--85",

journal = "Computer",

issn = "0018-9162",

publisher = "IEEE Computer Society",

}

TY - GEN

T1 - Web Application Security

T2 - Threats, Countermeasures, and Pitfalls

AU - Huang, Hsiu Chuan

AU - Zhang, Zhi Kai

AU - Cheng, Hao Wen

AU - Shieh, Shiuhpyng

PY - 2017/1/1

Y1 - 2017/1/1

N2 - Penetration testing is a crucial defense against common web application security threats such as SQL injection and cross-site scripting attacks. A proposed web vulnerability scanner automatically generates test data with combinative evasion techniques, significantly expanding test coverage and revealing more vulnerabilities.

AB - Penetration testing is a crucial defense against common web application security threats such as SQL injection and cross-site scripting attacks. A proposed web vulnerability scanner automatically generates test data with combinative evasion techniques, significantly expanding test coverage and revealing more vulnerabilities.

KW - combinative evasion

KW - cross-site scripting

KW - cybersecurity

KW - Cybertrust

KW - filters

KW - firewalls

KW - Open Web Application Security Project

KW - OWASP

KW - penetration testing

KW - security

KW - SQL injection

KW - VulScan

KW - web vulnerability scanner

KW - XSS

UR - https://www.scopus.com/pages/publications/85020896782

U2 - 10.1109/MC.2017.183

DO - 10.1109/MC.2017.183

M3 - Article

AN - SCOPUS:85020896782

SN - 0018-9162

VL - 50

SP - 81

EP - 85

JO - Computer

JF - Computer

ER -

Web Application Security: Threats, Countermeasures, and Pitfalls

Abstract

Keywords

Access to Document

Other files and links

Fingerprint

Cite this