DC Field | Value | Language
dc.contributor.advisor | Krügel, Christopher | -
dc.contributor.author | Jovanovic, Nenad | -
dc.date.accessioned | 2020-06-30T20:55:50Z | -
dc.date.issued | 2007 | -
dc.date.submitted | 2007-07 | -
dc.identifier.uri | https://resolver.obvsg.at/urn:nbn:at:at-ubtuw:1-16505 | -
dc.identifier.uri | http://hdl.handle.net/20.500.12708/14176 | -
dc.description | Summary in German | -
dc.description.abstract | (abstract below) | de

Abstract:

In recent years, the web has evolved into an integral part of our daily lives. Unfortunately, as our dependency on the web increases, so does the interest of attackers in exploiting security vulnerabilities in web applications. This thesis presents novel approaches aimed at the detection of such vulnerabilities and at the protection of clients against web-based attacks.

Vulnerability Detection. The most prominent types of web application vulnerabilities (such as SQL Injection and Cross-Site Scripting) belong to the general class of taint-style vulnerabilities. In this thesis, we describe novel techniques for detecting these types of vulnerabilities by statically analyzing the source code of potentially vulnerable applications. More precisely, our techniques are based on flow-sensitive, interprocedural and context-sensitive data flow analysis to discover vulnerable points in a program. In this context, we present algorithms for the solution of problems unique to the analysis of web applications.

Client Protection. Apart from proactively detecting and fixing vulnerabilities on the server side, it is also beneficial to employ real-time methods for protecting web application users against attacks. In particular, Cross-Site Request Forgery is a dangerous type of attack that is capable of bypassing the authentication mechanism of vulnerable applications. Existing approaches to mitigating this threat are incomplete, time-consuming, and error-prone. We present a proxy-based solution that provides reliable and fully automatic user protection for existing web applications. Applying this solution is straightforward and does not interfere with the regular behavior of the protected web application.

The proposed techniques have been implemented and evaluated on real-world examples, demonstrating their feasibility, effectiveness, and usefulness. Our prototype implementations have been released under an open-source license and are available for download at our web site.
dc.format | VI, 115 Bl. | -
dc.language | English | -
dc.language.iso | en | -
dc.subject | Sicherheit (Security) | de
dc.subject | Webanwendungen (Web applications) | de
dc.subject | statische Analyse (static analysis) | de
dc.title | Web application security | en
dc.type | Thesis | en
dc.type | Hochschulschrift (university thesis) | de
tuw.publication.orgunit | E183 - Institut für Rechnergestützte Automation (Automatisierungssysteme. Mustererkennung) | -
dc.type.qualificationlevel | Doctoral | -
dc.identifier.libraryid | AC05035162 | -
dc.description.numberOfPages | 115 | -
dc.identifier.urn | urn:nbn:at:at-ubtuw:1-16505 | -
dc.thesistype | Dissertation | de
dc.thesistype | Dissertation | en
item.languageiso639-1 | en | -
item.openairetype | Thesis | -
item.openairetype | Hochschulschrift | -
item.fulltext | with Fulltext | -
item.cerifentitytype | Publications | -
item.openairecristype | http://purl.org/coar/resource_type/c_18cf | -
item.grantfulltext | open | -

Appears in Collections: Thesis

Files in this item:

File | Description | Size | Format
Jovanovic Nenad - 2007 - Web application security.pdf | | 810.51 kB | Adobe PDF