Design and implementation of website information disclosure assessment system
Author: | Ying-Chiang Cho, 卓瑩鎗 |
---|---|
Year of publication: | 2014 |
Document type: | Thesis |
Description: | 102 Over the years, human dependence on the Internet has increased dramatically. A large amount of information is placed on and retrieved from the Internet on a daily basis, which makes the security of online information a major concern. In recent years, the most problematic issues in web security have been E-mail address leakage and SQL injection attacks. The database is of great importance because it stores a large amount of users' information, while capturing E-mail accounts with crawler programs is the first step of APT attacks, so web engineers must pay close attention to E-mail account protection. There are many possible causes of information leakage, such as inadequate precautions during the programming process, which lead to the leakage of E-mail addresses entered online, or insufficient protection of database information, that is, a loophole that enables malicious users to steal online content. In this thesis, we implement a website information disclosure assessment system that is equipped with SQL injection vulnerability detection and web vulnerability mining, by means of an algorithm developed for the web crawler. In addition, we analyze the top-20 university websites and the portal sites of 24 governments, and compare IPv4 and IPv6 websites as well as the Department of Communications Engineering, the Department of Electrical Engineering, and the Department of Computer Science and Information Engineering, to investigate the information leaking status of each site. Subsequently, we applied the collected data to analyze the database structure and content of each site. In the last part, we use practical verification through black-box testing in order to focus on information security and privacy. |
Database: | Networked Digital Library of Theses & Dissertations |