웹 애플리케이션을 위한 개선된 플러그인 보안 테스트 모델

Abstract

With the rapid developments of Web applications, more security issues such as web vulnerabilities, web application defects and malicious web attacks emerge from the widespread use. These incidental security issues not only constrain further developments of Web applications, but also cause economic losses to individuals or enterprises. Although the vast majority of security technologies are able to detect and handle potential security risks, there will inevitably be certain flaws and vulnerabilities which are harmful to Web applications. In this paper, a pluggable integrated model for Web application security testing is proposed to relieve the harms caused by unknown web flaws or web vulnerabilities. The proposed model enumerates the possibilities before and after running the Web applications, and calculates the corresponding risk probabilities to help users make more appropriate decisions. Consequently the Web application can operate safely, which implicitly contributes to its stability.