A New Architecture of Ajax Web Application Security Crawler with Finite-State Machine

Author

An Huiyao ; Song Yang ; Yu Tao ; Li Hui ; Zhang Peng ; Zha Jun

Author_Institution

Sch. of Electron. Eng. & Comput. Sci., Peking Univ., Beijing, China

fYear

2014

fDate

13-15 Oct. 2014

Firstpage

112

Lastpage

117

Abstract

As Ajax webpage can be built by Javascript function, Ajax makes it possible to send asynchronous requests to the server and handle the response in the background. It is not definite that the current URL reflects the current state of the webpage. The traditional approach of security crawler can not walk through the Ajax web application to collect all the interface information for web security testing. In this page, we will introduce several benefits of Ajax web application and some technical differences about the crawler and propose a new model based on finite-state machine with double filter strategy to make it possible for Ajax web application security test automatically. Additionally, the crawler will be highly compatible with the metaspolit framework.

Keywords

Internet; Java; finite state machines; security of data; Ajax Web application security crawler; Ajax Webpage; Javascript function; Web security testing; double filter strategy; finite-state machine; metaspolit framework; Crawlers; Educational institutions; Security; Servers; Testing; Uniform resource locators; Web pages; Ajax web application; Double Duplicate Elimination Strategy; crawler of security scanner; finite-state machine;

fLanguage

English

Publisher

ieee

Conference_Titel

Cyber-Enabled Distributed Computing and Knowledge Discovery (CyberC), 2014 International Conference on

Conference_Location

Shanghai

Print_ISBN

978-1-4799-6235-8

Type

conf

DOI

10.1109/CyberC.2014.27

Filename

6984290