Volume 4 Number 9 (Sep. 2009)
Home > Archive > 2009 > Volume 4 Number 9 (Sep. 2009) >
JCP 2009 Vol.4(9): 837-844 ISSN: 1796-203X
doi: 10.4304/jcp.4.9.837-844

An Automated Mechanism for Secure Input Handling

Jin-Cherng Lin1, Jan-Min Chen2
1The Dept. of Computer Sci & Eng, Tatung University Taipei 10451, Taiwan
2The Dept. of Information Management,Yu Da College of Business Miaoli 36143, Taiwan


Abstract—Numbers of the programs are poorly written, lacking even the most basic security procedures for handling input data from users. The input validation vulnerability can be detected by many tools but few tools can fix the flaws automatically. The security gateway can used to protect vulnerable Web sites immediately but it may induce false recognition through impersonal rule. By means of hybrid analysis and injection test, the vulnerable Web pages can be listed. Only those in vulnerable list need to be checked completely, so as to mitigate the system load and false positives effectively. Moreover an algorithm based on multilevel strategy is proposed producing individual sanitizing rule automatically for every vulnerable injection point. To meet the aim of automated validation, the enhanced crawler, the testing framework and the metaprograms are integrated into a sanitizing mechanism after we analyze the data flow. According to the experimental results, the mechanism has been proved to be a more effective scheme than those traditional input handling methods for mitigating malicious injection.

Index Terms—Injection attack, Bypass testing, Input validation, Security gateway.

[PDF]

Cite: Jin-Cherng Lin, Jan-Min Chen, "An Automated Mechanism for Secure Input Handling," Journal of Computers vol. 4, no. 9, pp. 837-844, 2009.

General Information

ISSN: 1796-203X
Abbreviated Title: J.Comput.
Frequency: Monthly
Editor-in-Chief: Prof. Liansheng Tan
Executive Editor: Ms. Nina Lee
Abstracting/ Indexing: DBLP, EBSCO,  ProQuest, INSPEC, ULRICH's Periodicals Directory, WorldCat, CNKI,etc
E-mail: jcp@iap.org
  • Aug 16, 2019 News!

    Vol 14, No 8 has been published with online version   [Click]

  • Jul 19, 2019 News!

    Vol 14, No 7 has been published with online version   [Click]

  • Jun 21, 2019 News!

    Vol 14, No 6 has been published with online version   [Click]

  • Apr 28, 2019 News!

    Vol 14, No 5 has been published with online version 7 papers are published in this issue after peer review   [Click]

  • Mar 20, 2019 News!

    Vol 14, No 3 has been published with online version   [Click]

  • Read more>>