Title: An efficient algorithm and tool for detecting dangerous website vulnerabilities

Authors: Hoang Viet Long; Tong Anh Tuan; David Taniar; Nguyen Van Can; Hoang Minh Hue; Nguyen Thi Kim Son

Addresses: People's Police University of Technology and Logistics, Bac Ninh, Vietnam ' People's Police University of Technology and Logistics, Bac Ninh, Vietnam ' Monash University, Melbourne, Australia ' People's Police University of Technology and Logistics, Bac Ninh, Vietnam ' Department of Public Security Science, Strategy and History, Ministry of Public Security, Vietnam ' Division of Computational Mathematics and Engineering, Institute for Computational Science, Ton Duc Thang University, Ho Chi Minh City, Vietnam; Faculty of Mathematics and Statistics, Ton Duc Thang University, Ho Chi Minh City, Vietnam

Abstract: Web applications are increasingly being developed and applied in most aspects of life. However, there exist a variety of dangerous website security vulnerabilities such as SQL injection and cross-site scripting. This creates the opportunity for hackers to exploit and attack websites for commercial or political purposes or for fame. Some research and commercial software have been developed for scanning and detecting those vulnerabilities. In this paper, we present an efficient algorithmic study and tool to detect web security vulnerabilities. Experimental results show that the new method is capable of detecting vulnerabilities with high accuracy. Compared to popular commercial software on the market, our tool has faster performance and can detect a number of less common vulnerabilities such as shell injection or file inclusion.

Keywords: web security vulnerabilities; SQL injection; cross-site scripting; detection algorithm.

DOI: 10.1504/IJWGS.2020.106128

International Journal of Web and Grid Services, 2020 Vol.16 No.1, pp.81 - 104

Received: 17 Nov 2019
Accepted: 14 Jan 2020

Published online: 30 Mar 2020
