Vulnerability Scanning Technique in AJAX Application
The development of internet technology and the need for web-based applications gave birth to a new technology called AJAX, which allows a web application to update its content without reloading the entire page. Like other web applications, an AJAX application also has vulnerabilities. To detect vulnerabi...
Main Author: | |
---|---|
Format: | Final Project |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/39150 |
Institution: | Institut Teknologi Bandung |
id |
id-itb.:39150 |
---|---|
spelling |
id-itb.:39150 2019-06-24T10:53:28Z Vulnerability Scanning Technique in AJAX Application Jonathan Koswara, Kevin Indonesia Final Project AJAX application, vulnerability scanner, crawling, payload generation, response analysis, dynamic DOM, AJAX crawler, DOM state INSTITUT TEKNOLOGI BANDUNG https://digilib.itb.ac.id/gdl/view/39150 The development of internet technology and the need for web-based applications gave birth to a new technology called AJAX, which allows a web application to update its content without reloading the entire page. Like other web applications, an AJAX application also has vulnerabilities. To detect vulnerabilities, web developers use a tool called a vulnerability scanner, in order to prevent vulnerabilities after application deployment. Generally, a vulnerability scanner has three processes: crawling, payload generation, and response analysis. However, AJAX introduces new challenges, one of which is the dynamic DOM. A crawling process generally reads only the HTML. In an AJAX application, however, the DOM may be changed by JavaScript execution. Because of this, the current crawling method isn't effective at extracting URLs in an AJAX application, which makes vulnerability scanning incomplete. One way to solve this problem is to use an AJAX crawler. An AJAX crawler extracts URLs by running JavaScript events, recording state changes, and extracting URLs from all generated states. With this approach, a dynamic DOM can be converted into several instances of static DOM, and crawling can be done. The experiment results show that the AJAX crawler extracts a more complete result than the current crawling method. This result leads to a wider detection area for the vulnerability scanner and increases the chances of detecting vulnerabilities. This is shown by the second experiment, in which the vulnerability scanner W3AF with the AJAX crawler installed is able to detect new vulnerabilities in AJAX-called URLs. From this result, we can conclude that installing an AJAX crawler in a vulnerability scanner, without changing the payload generation and response analysis processes, can be used to detect vulnerabilities in AJAX applications. text |
institution |
Institut Teknologi Bandung |
building |
Institut Teknologi Bandung Library |
continent |
Asia |
country |
Indonesia Indonesia |
content_provider |
Institut Teknologi Bandung |
collection |
Digital ITB |
language |
Indonesia |
description |
The development of internet technology and the need for web-based applications gave birth to a new technology called AJAX, which allows a web application to update its content without reloading the entire page. Like other web applications, an AJAX application also has vulnerabilities. To detect vulnerabilities, web developers use a tool called a vulnerability scanner, in order to prevent vulnerabilities after application deployment. Generally, a vulnerability scanner has three processes: crawling, payload generation, and response analysis. However, AJAX introduces new challenges, one of which is the dynamic DOM. A crawling process generally reads only the HTML. In an AJAX application, however, the DOM may be changed by JavaScript execution. Because of this, the current crawling method isn't effective at extracting URLs in an AJAX application, which makes vulnerability scanning incomplete. One way to solve this problem is to use an AJAX crawler. An AJAX crawler extracts URLs by running JavaScript events, recording state changes, and extracting URLs from all generated states. With this approach, a dynamic DOM can be converted into several instances of static DOM, and crawling can be done. The experiment results show that the AJAX crawler extracts a more complete result than the current crawling method. This result leads to a wider detection area for the vulnerability scanner and increases the chances of detecting vulnerabilities. This is shown by the second experiment, in which the vulnerability scanner W3AF with the AJAX crawler installed is able to detect new vulnerabilities in AJAX-called URLs. From this result, we can conclude that installing an AJAX crawler in a vulnerability scanner, without changing the payload generation and response analysis processes, can be used to detect vulnerabilities in AJAX applications. |
format |
Final Project |
author |
Jonathan Koswara, Kevin |
spellingShingle |
Jonathan Koswara, Kevin Vulnerability Scanning Technique in AJAX Application |
author_facet |
Jonathan Koswara, Kevin |
author_sort |
Jonathan Koswara, Kevin |
title |
Vulnerability Scanning Technique in AJAX Application |
title_short |
Vulnerability Scanning Technique in AJAX Application |
title_full |
Vulnerability Scanning Technique in AJAX Application |
title_fullStr |
Vulnerability Scanning Technique in AJAX Application |
title_full_unstemmed |
Vulnerability Scanning Technique in AJAX Application |
title_sort |
vulnerability scanning technique in ajax application |
url |
https://digilib.itb.ac.id/gdl/view/39150 |
_version_ |
1823638445785874432 |