JOURNAL OF COMPUTERS (JCP)
ISSN : 1796-203X
Volume : 4    Issue : 9    Date : September 2009

An Automated Mechanism for Secure Input Handling
Jin-Cherng Lin and Jan-Min Chen
Page(s): 837-844
Full Text:
PDF (379 KB)


Abstract
Many programs are poorly written, lacking even the most basic security procedures for
handling input data from users. Input validation vulnerabilities can be detected by many tools, but
few tools can fix the flaws automatically. A security gateway can be used to protect vulnerable Web
sites immediately, but its impersonal (generic) rules may induce false recognition, i.e. false positives.
By means of hybrid analysis and injection testing, the vulnerable Web pages can be listed. Only those
in the vulnerable list need to be checked completely, which mitigates the system load and false
positives effectively. Moreover, an algorithm based on a multilevel strategy is proposed that
automatically produces an individual sanitizing rule for every vulnerable injection point. To meet the
aim of automated validation, the enhanced crawler, the testing framework and the metaprograms are
integrated into a sanitizing mechanism after we analyze the data flow. According to the experimental
results, the mechanism has proved to be a more effective scheme than traditional input handling
methods for mitigating malicious injection.
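The contrast the abstract draws, a single impersonal gateway rule applied to every field versus an individual sanitizing rule derived per injection point, can be illustrated with a small script. This is an added example written for this page; it is not the paper's algorithm or code. The field names, the benign sample values and the three rule levels (data type, maximum length, character allowlist) are constructed assumptions chosen to show why a generic blocklist produces false positives on benign input while a per-field rule derived from observed benign values does not.

```python
import re

# Constructed benign values observed at three hypothetical injection points
# (form fields). These are not from the paper.
BENIGN_SAMPLES = {
    "user_id": ["1042", "7", "99831"],
    "zip": ["10001", "94103"],
    "comment": ["Great article, thanks!", "See section 3 -- it's clear."],
}

# An "impersonal" gateway rule: one blocklist applied to every field,
# regardless of what the field legitimately carries.
GENERIC_BLOCKLIST = re.compile(r"('|--|;|<|>|\bor\b|\bselect\b)", re.IGNORECASE)


def generic_gateway_allows(value):
    """Generic gateway decision: reject anything matching the blocklist."""
    return GENERIC_BLOCKLIST.search(value) is None


def derive_rule(samples):
    """Derive a multilevel sanitizing rule for ONE injection point from its
    benign samples (assumed levels: type, length, character allowlist)."""
    kind = "integer" if all(s.isdigit() for s in samples) else "text"
    # Level 2: allow twice the longest observed benign value as slack.
    max_len = max(len(s) for s in samples) * 2
    # Level 3: characters seen in benign traffic form the allowlist.
    charset = set("".join(samples))
    return {"type": kind, "max_len": max_len, "charset": charset}


def derive_rules(samples_by_field):
    """One individual rule per vulnerable injection point."""
    return {field: derive_rule(vals) for field, vals in samples_by_field.items()}


def rule_allows(rule, value):
    """Apply the levels in order; the first failing level rejects the value."""
    if len(value) > rule["max_len"]:          # level 2: length
        return False
    if rule["type"] == "integer":             # level 1: data type
        return value.isdigit()
    # Text fields: every character must be in the observed allowlist
    # (letters, digits and whitespace are always accepted as benign).
    return all(c in rule["charset"] or c.isalnum() or c.isspace() for c in value)


def false_positives_generic(samples_by_field):
    """Count benign samples the generic gateway rule would reject."""
    return sum(1 for vals in samples_by_field.values()
               for v in vals if not generic_gateway_allows(v))


def false_positives_per_field(samples_by_field):
    """Count benign samples the per-field rules would reject."""
    rules = derive_rules(samples_by_field)
    return sum(1 for field, vals in samples_by_field.items()
               for v in vals if not rule_allows(rules[field], v))


if __name__ == "__main__":
    rules = derive_rules(BENIGN_SAMPLES)
    print("generic false positives:", false_positives_generic(BENIGN_SAMPLES))
    print("per-field false positives:", false_positives_per_field(BENIGN_SAMPLES))
    print("user_id '1 OR 1=1' allowed:", rule_allows(rules["user_id"], "1 OR 1=1"))
```

The comment "See section 3 -- it's clear." is benign, yet the generic blocklist rejects it because of the apostrophe and the double dash; the per-field comment rule, having seen those characters in benign traffic, accepts it. The same per-field rules still reject a non-numeric value in the numeric user_id field and angle brackets in the comment field, because neither the type level nor the allowlist level admits them.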

Index Terms
Injection attack, Bypass testing, Input validation, Security gateway