Discovering security vulnerabilities and leaks in ASP.NET websites

Author

AL-Amro, Huyam ; El-Qawasmeh, Eyas

Author_Institution

Inf. Syst. Dept., King Saud Univ., Riyadh, Saudi Arabia

fYear

2012

fDate

26-28 June 2012

Firstpage

329

Lastpage

333

Abstract

Websites written in ASP.NET might contain security vulnerabilities that are not seen to the owner of the website. This paper describes an algorithm that aims in the detection of security vulnerabilities. The suggested algorithm performs a scanning process for all website/ application files. Our scanner tool relies on studying the source code of the application depending on ASP.NET files and the code behind files (Visual Basic VB and C sharp C#). A program written for this purpose is to generate a report that describes most leaks and vulnerabilities types (by mentioning the file name, leak description and its location). The suggested algorithm will help organization to fix the vulnerabilities and improve the overall security.

Keywords

Visual BASIC; Web sites; security of data; ASP.NET Websites; ASP.NET files; C#; Visual Basic VB; application source code; scanning process; security leak discovery; security vulnerability detection; security vulnerability discovery; Browsers; Computer hacking; Databases; HTML; Programming; Web sites; ASP; ASP.NET; Algorithm; Cookie Poisoning; Cross Site Scripting XSS; Denial-of-Service DoS; HTML; Hijack Session; IFrame; JavaScript; Leak; SQL Injection; Script; Security; Threats; Vulnerability; Websites;

fLanguage

English

Publisher

ieee

Conference_Titel

Cyber Security, Cyber Warfare and Digital Forensic (CyberSec), 2012 International Conference on

Conference_Location

Kuala Lumpur

Print_ISBN

978-1-4673-1425-1

Type

conf

DOI

10.1109/CyberSec.2012.6246175

Filename

6246175