IEEE Access (Jan 2018)

A Web Second-Order Vulnerabilities Detection Method

  • Miao Liu,
  • Bin Wang

DOI
https://doi.org/10.1109/ACCESS.2018.2881070
Journal volume & issue
Vol. 6
pp. 70983 – 70988

Abstract

Second-order vulnerabilities are subtler and more destructive than first-order vulnerabilities. After researching and analyzing the principles of web penetration testing and of second-order attacks, this paper proposes a method for detecting second-order web security vulnerabilities using two crawl scans. The first scan crawls the website's URLs and submits anchor points; the second scan crawls again to find the URLs where those anchor points are stored, and second-order vulnerability detection is then run specifically against these suspicious URLs. The approach greatly reduces the time complexity of detecting second-order web security vulnerabilities and makes up for the lack of methods for detecting them.
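The two-scan anchor correlation described in the abstract, as an added sketch that is not the paper's code: it covers only the step that narrows the site to suspicious URLs, run against a constructed in-memory site. `ToySite`, its pages and field names, and the anchor format are all assumptions made for illustration.

```python
import re
import secrets

class ToySite:
    """Constructed in-memory site: pages link to each other, POSTed fields are stored."""
    def __init__(self):
        self.store = {}
        # url -> (linked URLs, form field names, stored fields rendered on the page)
        self.pages = {
            "/": (["/profile", "/feedback", "/admin/users"], [], []),
            "/profile": (["/"], ["nickname"], []),
            "/feedback": (["/"], ["comment"], []),   # stored, never displayed
            "/admin/users": (["/admin/log"], [], ["nickname"]),
            "/admin/log": ([], [], []),
        }

    def get(self, url):
        links, fields, shown = self.pages[url]
        body = "".join(f'<a href="{l}"></a>' for l in links)
        body += "".join(f'<input name="{f}">' for f in fields)
        return body + "".join(f"<td>{self.store.get(k, '')}</td>" for k in shown)

    def post(self, url, field, value):
        self.store[field] = value

def crawl(site, start="/"):
    """Breadth-first crawl; returns {url: body} for every reachable page."""
    seen, queue = {}, [start]
    while queue:
        url = queue.pop(0)
        if url not in seen:
            seen[url] = site.get(url)
            queue.extend(re.findall(r'href="([^"]+)"', seen[url]))
    return seen

def find_suspicious(site):
    """Return ([(input_url, field, output_url)], number of anchors sent)."""
    anchors = {}
    # Scan 1: crawl the site and submit one unique, harmless anchor per input.
    for url, body in crawl(site).items():
        for field in re.findall(r'<input name="([^"]+)">', body):
            anchor = "anc" + secrets.token_hex(6)
            site.post(url, field, anchor)
            anchors[anchor] = (url, field)
    # Scan 2: crawl again and record every page where a stored anchor resurfaces.
    pairs = [(src, field, url)
             for url, body in crawl(site).items()
             for anchor, (src, field) in anchors.items() if anchor in body]
    return sorted(pairs), len(anchors)
```

Only the returned input/output pairs need second-order testing; inputs whose anchor never resurfaces, such as the `comment` field here, are dropped from the work list.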

Keywords