A Solution for Automatically Malicious Web Shell and Web Application Vulnerability Detection

According to Internet Live Stats, it is evident that organizations and developers are underestimating security issues on their system. In this paper, we propose a protective and extensible solution for automatically detecting both the Web application vulnerabilities and malicious Web shells. Based o...

Full description

Saved in:
Bibliographic Details
Published inComputational Collective Intelligence pp. 367 - 378
Main Authors Le, Van-Giap, Nguyen, Huu-Tung, Lu, Dang-Nhac, Nguyen, Ngoc-Hoa
Format Book Chapter
LanguageEnglish
Published Cham Springer International Publishing
SeriesLecture Notes in Computer Science
Subjects
Malicious Web shell
Pattern matching
SQLi detection
Taint analysis
Web application vulnerability
XSS detection
Online AccessGet full text

Cover

More Information
Summary:According to Internet Live Stats, it is evident that organizations and developers are underestimating security issues on their system. In this paper, we propose a protective and extensible solution for automatically detecting both the Web application vulnerabilities and malicious Web shells. Based on the original THAPS, we proposed E-THAPS that has a new detecting mechanism, improved SQLi, XSS and vulnerable functions detecting capabilities. For malicious Web shell detection, taint analysis and pattern matching methods are selected as the main approach. The broad experiment that we performed showed our outstanding results in comparison with other solutions for detecting the Web application vulnerabilities and malicious Web shells.
ISBN:9783319452425
3319452428
ISSN:0302-9743
1611-3349
DOI:10.1007/978-3-319-45243-2_34