Abstract
Numbers of the programs are poorly written, lacking even the most basic security procedures for handling input data from users. The input validation vulnerability can be detected by many tools but few tools can fix the flaws automatically. The security gateway can used to protect vulnerable Web sites immediately but it may induce false recognition through impersonal rule. By means of hybrid analysis and injection test, the vulnerable Web pages can be listed. Only those in vulnerable list need to be checked completely, so as to mitigate the system load and false positives effectively. Moreover an algorithm based on multilevel strategy is proposed producing individual sanitizing rule automatically for every vulnerable injection point. To meet the aim of automated validation, the enhanced crawler, the testing framework and the metaprograms are integrated into a sanitizing mechanism after we analyze the data flow. According to the experimental results, the mechanism has been proved to be a more effective scheme than those traditional input handling methods for mitigating malicious injection.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
