| Paper Abstract and Keywords |
| Presentation |
2006-07-28 14:05
Server-side security requirements against the Web technology threats
Yutaka Matsunaga (TEL), Michiko Oba (Hitachi) |
| Abstract |
(in Japanese) |
(See Japanese page) |
| (in English) |
The number of the attacks to the Web servers exploiting Web technologies is increasing. These attacks have caused forced site-closure, personal information leakage, and economic damage. These attacks were using SQL injection to the Web forms and unexpected commands in XML data to the PHP modules, but recently some incidents show the exploit of JavaScript in Ajax applications. As the new development method and business models described by the words like Web 2.0 become ubiquitous, it is anticipated that the attacks exploiting such new technologies to increase. This paper will outline the latest attack methods to the servers that cannot be detected or mitigated by the traditional security technique, and discuss the technical requirements to protect against those attacks. |
| Keyword |
(in Japanese) |
(See Japanese page) |
| (in English) |
security / Web 2.0 / SQL injection / cross site scripting / event correlation / database security / Ajax / identity theft |
| Reference Info. |
IEICE Tech. Rep., vol. 106, pp. 47-53, July 2006. |
| Paper # |
|
| Date of Issue |
2006-07-21 (OIS) |
| ISSN |
Print edition: ISSN 0913-5685 |
| Download PDF |
|
| Conference Information |
| Committee |
LOIS IPSJ-DC |
| Conference Date |
2006-07-28 - 2006-07-28 |
| Place (in Japanese) |
(See Japanese page) |
| Place (in English) |
Faculty of Engineering Yamagata University |
| Topics (in Japanese) |
(See Japanese page) |
| Topics (in English) |
|
| Paper Information |
| Registration To |
IPSJ-DC |
| Conference Code |
2006-07-OIS-IPSJ-DD |
| Language |
Japanese |
| Title (in Japanese) |
(See Japanese page) |
| Sub Title (in Japanese) |
(See Japanese page) |
| Title (in English) |
Server-side security requirements against the Web technology threats |
| Sub Title (in English) |
|
| Keyword(1) |
security |
| Keyword(2) |
Web 2.0 |
| Keyword(3) |
SQL injection |
| Keyword(4) |
cross site scripting |
| Keyword(5) |
event correlation |
| Keyword(6) |
database security |
| Keyword(7) |
Ajax |
| Keyword(8) |
identity theft |
| 1st Author's Name |
Yutaka Matsunaga |
| 1st Author's Affiliation |
Tokyo Electron Ltd. (TEL) |
| 2nd Author's Name |
Michiko Oba |
| 2nd Author's Affiliation |
Hitachi, Ltd. (Hitachi) |
| 3rd Author's Name |
|
| 3rd Author's Affiliation |
() |
| 4th Author's Name |
|
| 4th Author's Affiliation |
() |
| 5th Author's Name |
|
| 5th Author's Affiliation |
() |
| 6th Author's Name |
|
| 6th Author's Affiliation |
() |
| 7th Author's Name |
|
| 7th Author's Affiliation |
() |
| 8th Author's Name |
|
| 8th Author's Affiliation |
() |
| 9th Author's Name |
|
| 9th Author's Affiliation |
() |
| 10th Author's Name |
|
| 10th Author's Affiliation |
() |
| 11th Author's Name |
|
| 11th Author's Affiliation |
() |
| 12th Author's Name |
|
| 12th Author's Affiliation |
() |
| 13th Author's Name |
|
| 13th Author's Affiliation |
() |
| 14th Author's Name |
|
| 14th Author's Affiliation |
() |
| 15th Author's Name |
|
| 15th Author's Affiliation |
() |
| 16th Author's Name |
|
| 16th Author's Affiliation |
() |
| 17th Author's Name |
|
| 17th Author's Affiliation |
() |
| 18th Author's Name |
|
| 18th Author's Affiliation |
() |
| 19th Author's Name |
|
| 19th Author's Affiliation |
() |
| 20th Author's Name |
|
| 20th Author's Affiliation |
() |
| Speaker |
Author-1 |
| Date Time |
2006-07-28 14:05:00 |
| Presentation Time |
25 minutes |
| Registration for |
IPSJ-DC |
| Paper # |
OIS2006-17 |
| Volume (vol) |
vol.106 |
| Number (no) |
no.195 |
| Page |
pp.47-53 |
| #Pages |
7 |
| Date of Issue |
2006-07-21 (OIS) |