Title :
Discovering security vulnerabilities and leaks in ASP.NET websites
Author :
AL-Amro, Huyam ; El-Qawasmeh, Eyas
Author_Institution :
Inf. Syst. Dept., King Saud Univ., Riyadh, Saudi Arabia
Abstract :
Websites written in ASP.NET might contain security vulnerabilities that are not seen to the owner of the website. This paper describes an algorithm that aims in the detection of security vulnerabilities. The suggested algorithm performs a scanning process for all website/ application files. Our scanner tool relies on studying the source code of the application depending on ASP.NET files and the code behind files (Visual Basic VB and C sharp C#). A program written for this purpose is to generate a report that describes most leaks and vulnerabilities types (by mentioning the file name, leak description and its location). The suggested algorithm will help organization to fix the vulnerabilities and improve the overall security.
Keywords :
Visual BASIC; Web sites; security of data; ASP.NET Websites; ASP.NET files; C#; Visual Basic VB; application source code; scanning process; security leak discovery; security vulnerability detection; security vulnerability discovery; Browsers; Computer hacking; Databases; HTML; Programming; Web sites; ASP; ASP.NET; Algorithm; Cookie Poisoning; Cross Site Scripting XSS; Denial-of-Service DoS; HTML; Hijack Session; IFrame; JavaScript; Leak; SQL Injection; Script; Security; Threats; Vulnerability; Websites;
Conference_Titel :
Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on
Conference_Location :
Kuala Lumpur
Print_ISBN :
978-1-4673-1425-1
DOI :
10.1109/CyberSec.2012.6246175