%0 Conference Proceedings
%T Detection and Mitigation of Web Application Vulnerabilities Based on Security Testing
%+ Sungkyunkwan University [Suwon] (SKKU)
%+ Dankook University
%+ Jeju National University
%A Lee, Taeseung
%A Won, Giyoun
%A Cho, Seongje
%A Park, Namje
%A Won, Dongho
%Z Part 3: Network Security
%< avec comité de lecture
%( Lecture Notes in Computer Science
%B 9th International Conference on Network and Parallel Computing (NPC)
%C Gwangju, South Korea
%Y James J. Park
%Y Albert Zomaya
%Y Sang-Soo Yeo
%Y Sartaj Sahni
%I Springer
%3 Network and Parallel Computing
%V LNCS-7513
%P 138-144
%8 2012-09-06
%D 2012
%R 10.1007/978-3-642-35606-3_16
%K web application
%K security testing
%K vulnerability
%K security
%Z Computer Science [cs]Conference papers
%X The paper proposes a security testing technique to detect known vulnerabilities of web applications using both static and dynamic analysis. We also present a process to improve the security of web applications by mitigating many of the vulnerabilities revealed in the testing phase, and address a new method for detecting unknown vulnerabilities by applying dynamic black-box testing based on a fuzzing technique. The fuzzing technique includes a structured fuzzing strategy that considers the input data format as well as misuse case generation to enhance the detection rate compared to general fuzzing techniques.
%G English
%Z TC 10
%Z WG 10.3
%2 https://inria.hal.science/hal-01551360/document
%2 https://inria.hal.science/hal-01551360/file/978-3-642-35606-3_16_Chapter.pdf
%L hal-01551360
%U https://inria.hal.science/hal-01551360
%~ IFIP-LNCS
%~ IFIP
%~ IFIP-AICT
%~ IFIP-TC
%~ IFIP-TC10
%~ IFIP-NPC
%~ IFIP-WG10-3
%~ IFIP-LNCS-7513