An efficient algorithm and tool for detecting dangerous website vulnerabilities

Abstract

Web applications are progressively developing and applied in most aspects of life. However, there exist a variety of dangerous website security vulnerabilities such as SQL injection and cross-site scripting. This creates the opportunity for hackers to exploit and attack websites for commercial or political purposes or fame. Some research and commercial software have been developed for scanning and detecting those vulnerabilities. In this paper, we present an efficient algorithmic study and tool to detect web security vulnerabilities. Experimental results show that the new method is capable of detecting vulnerabilities with high accuracy. Compared to popular commercial software on the market, our tool has faster performance and can detect a number of less common vulnerabilities such as shell injection, or file inclusion.