Paper Abstract and Keywords |
Presentation |
2011-07-13 13:25
On Usage of Practical Web Application Source Code for Learning Support on Secure Coding Ryosuke Miyaji, Seikoh Nishita (Takushoku Univ) ISEC2011-22 SITE2011-19 ICSS2011-27 EMM2011-21 |
Abstract |
(in Japanese) |
(See Japanese page) |
(in English) |
Security holes (vulnerabilities) in web applications cause security
incidents such as personal information leakage and virus infection of web
pages.
To maintain the safety of web applications, there are well-known
programming techniques, namely sanitization and input validation,
which are learned through learning environments such as textbooks or tools like
WebGoat.
The learning environment provides basic knowledge of the mechanisms of
the vulnerabilities, the ways to attack them, and the programming
techniques.
However, it is not sufficient to drill students to develop
practical secure web applications using these programming techniques.
Such training requires plenty of practical exercises,
material for the exercises, and a computer-aided method to generate the
exercises.
This paper describes an examination toward the generation of the
exercises from the source code of practical vulnerable web applications. |
Keyword |
(in Japanese) |
(See Japanese page) |
(in English) |
web application / vulnerability / web application vulnerability learning tool / escaping sql literals / illegal access |
Reference Info. |
IEICE Tech. Rep., vol. 111, no. 125, ICSS2011-27, pp. 123-129, July 2011. |
Paper # |
ICSS2011-27 |
Date of Issue |
2011-07-05 (ISEC, SITE, ICSS, EMM) |
ISSN |
Print edition: ISSN 0913-5685 Online edition: ISSN 2432-6380 |
Copyright and reproduction |
All rights are reserved and no part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without permission in writing from the publisher. Notwithstanding, instructors are permitted to photocopy isolated articles for noncommercial classroom use without fee. (License No.: 10GA0019/12GB0052/13GB0056/17GB0034/18GB0034) |
Conference Information |
Committee |
ISEC IPSJ-CSEC SITE ICSS EMM IPSJ-SPT |
Conference Date |
2011-07-12 - 2011-07-13 |
Place (in Japanese) |
(See Japanese page) |
Place (in English) |
Shizuoka University |
Topics (in Japanese) |
(See Japanese page) |
Paper Information |
Registration To |
ICSS |
Conference Code |
2011-07-ISEC-CSEC-SITE-ICSS-EMM-SPT |
Language |
Japanese |
Title (in Japanese) |
(See Japanese page) |
Sub Title (in Japanese) |
(See Japanese page) |
Title (in English) |
On Usage of Practical Web Application Source Code for Learning Support on Secure Coding |
Keyword(1) |
web application |
Keyword(2) |
vulnerability |
Keyword(3) |
web application vulnerability learning tool |
Keyword(4) |
escaping sql literals |
Keyword(5) |
illegal access |
1st Author's Name |
Ryosuke Miyaji |
1st Author's Affiliation |
Graduate School of Engineering, Takushoku University (Takushoku Univ) |
2nd Author's Name |
Seikoh Nishita |
2nd Author's Affiliation |
Takushoku University (Takushoku Univ) |
Speaker |
Author-1 |
Date Time |
2011-07-13 13:25:00 |
Presentation Time |
25 minutes |
Registration for |
ICSS |
Paper # |
ISEC2011-22, SITE2011-19, ICSS2011-27, EMM2011-21 |
Volume (vol) |
vol.111 |
Number (no) |
no.123(ISEC), no.124(SITE), no.125(ICSS), no.126(EMM) |
Page |
pp.123-129 |
#Pages |
7 |
Date of Issue |
2011-07-05 (ISEC, SITE, ICSS, EMM) |
|