The architecture and industry applications of web security in static and dynamic analysis

Pages: 105-119
DOI: https://doi.org/10.1108/13287261011042912
Date: 04 May 2010
Published date: 04 May 2010
Author: Raymond Wu, Masayuki Hisada
Subject Matter: Information & knowledge management
Journal of Systems and Information Technology
Vol. 12 No. 2, 2010
pp. 105-119
© Emerald Group Publishing Limited
1328-7265
DOI 10.1108/13287261011042912
Raymond Wu and Masayuki Hisada
Department of Research and Development,
NST Inc., Aizuwakamatsu, Japan
Abstract
Purpose – The purpose of this paper is to propose a metadata-driven approach and the associated
technologies to deal with the ever-rising web security issue. The approach applies metadata techniques
to envision semantic validation for new types of vulnerability.
Design/methodology/approach – Token decomposition design was applied to move analysis
work to an abstract level. This novel approach can solve the issues by using a dual control method to
perform vulnerability validation.
Findings – Current analysis lacks a metadata foundation, and the vulnerability is invisible due
to semantic obfuscation. This paper reflects the limitation of existing methods. It applies a
metadata-driven approach to move physical and syntax analysis into semantic validation.
Research limitations/implications – Currently, certain difficulties may be encountered in
preparing benchmarking for dual control process before completing development work. However, this
paper tries to create scenarios which can be a reference, to evaluate the semantic validation.
Practical implications – In consideration of the optimized control and vulnerability rate, Structural
Query Language (SQL) injection is taken as an example in demonstration. This approach targets
large enterprise and high complexity, and the research intends to impact industry to generate
common practices such as metadata standards and development tools.
Originality/value – This paper contributes originality in applying metadata strategy to envision
semantic structure. It further favours the service industry in building up portfolio foundation in
component-based technologies. As the new type of vulnerability can be precisely specified, it can
minimize business impact and achieve efficient vulnerability detection.
Keywords Tracking, Worldwide web, Online operations, Data security
Paper type Research paper
1. Introduction
Vulnerability causes tremendous business loss, which has been ranked the top issue in
the IT industry. We aim to investigate the key factors which impact web security, to
encompass our research work. Among the factors we derived, identification,
validation, and tracking (IVT) are all critical and can serve as our research milestones.
This paper first conducts a literature review to oversee the architectural requirements.
It discusses micro process approaches and introduces techniques such as trigger,
parser, token, and metadata code to support interoperability of IVT. It further evaluates
the parser automata and hierarchical structure by benchmarking the feasibility of
Structural Query Language (SQL) vulnerability detection. In security architecture, as
the method of semantic analysis and techniques in SQL framing can be generic for any
attacking pattern, we take SQL injection as an example for the demonstration of
The present research was supported through a program for the promotion of Private-Sector Key
Technology Research by the National Institute of Information and Communications Technology
(NICT) of Japan, entitled "Research and development concerning the web application security
with combination of static and dynamic analysis".
