Full metadata record
DC FieldValueLanguage
dc.contributor.author梁偉明en_US
dc.contributor.authorLeong, Wai-Mengen_US
dc.contributor.author黃世昆en_US
dc.contributor.authorHuang, Shih-Kunen_US
dc.date.accessioned2014-12-12T01:59:42Z-
dc.date.available2014-12-12T01:59:42Z-
dc.date.issued2011en_US
dc.identifier.urihttp://140.113.39.130/cdrfb3/record/nctu/#GT079956543en_US
dc.identifier.urihttp://hdl.handle.net/11536/50576-
dc.description.abstract在資訊科技發達的年代,人們透過網頁方便的瀏覽或取得豐富的網路資源,但在急促的開發腳步下,開發者在開發過程中往往容易忽略安全的考量,導致駭客們能透過開發者的粗心,非法地存取或破壞資源。為了減少與彌補這類的安全問題,在網頁安全的領域上,已有各種不同的方法嘗試去防止或找出這類問題。本論文嘗試扮演攻擊者的角色,以自動產生攻擊字串為目標,達到駭客手動攻擊的相同效果。相較於其他傳統的檢測方法,更能確定漏洞的存在與證明攻擊的可行性。這樣的自動產生過程主要是基於一種動態的軟體測試方法-符號執行(symbolic execution)。最後以此自動化過程,測試幾個開源的大型網頁應用程式,針對已知的漏洞進行實驗,能成功產生相對應的攻擊字串。zh_TW
dc.description.abstractIn the well-developed information age, people are easy to get the rich internet resource through web pages. However, in the rapid development process, developers often tend to ignore the security concern carelessly. This leads to access or destroy the resource illegally by hackers. In order to reduce and fix these types of security issues, various methods have been proposed and attempted to locate or prevent them in the field of web security. This thesis attempts to act as an attacker and exploit web applications directly. Our target is to automatically generate the attack string and reproduce the results, emulating the manual attack behavior. In contrast with other traditional detection and prevention methods, this thesis can certainly determine the presence of vulnerabilities and prove the feasibility of attacks. This automatic generation process is mainly based on a dynamic software testing method-symbolic execution. Finally, we have applied this automatic process to several known vulnerabilities on large-scale open source web applications, and generated the attack strings successfully.en_US
dc.language.isoen_USen_US
dc.subject網頁安全zh_TW
dc.subject符號執行zh_TW
dc.subject自動化攻擊碼產生zh_TW
dc.subjectweb securityen_US
dc.subjectsymbolic executionen_US
dc.subjectautomatic exploit generationen_US
dc.title自動化網頁測試與攻擊產生zh_TW
dc.titleAutomatic Web Testing and Attack Generationen_US
dc.typeThesisen_US
dc.contributor.department網路工程研究所zh_TW
Appears in Collections:Thesis


Files in This Item:

  1. 654301.pdf