Title :
Reverse Engineering Web Applications for Security Mechanism Enhancement
Author :
Hui Guan ; Hakeem, Hossam ; Hongji Yang
Author_Institution :
Sch. of Comput. Sci. & Technol., Shenyang Univ. of Chem. Technol., Shenyang, China
Abstract :
This paper focuses on reverse engineering web application for security mechanisms detection in the current design and thereby presents a security evaluation method for web application taking consideration of potential threats, security features provided by the detected security mechanisms and user's security objectives. Based on our previous work on risk assessment for web applications, evaluation of current security implementation is conducted combining core security structure detection and security knowledge checklist matching. Reverse engineering techniques have been used to extract system models from source code based on which security relevant artefacts are identified and matched with built security artefacts base. The paper describes the general structure of the proposed method.
Keywords :
Internet; reverse engineering; security of data; core security structure detection; reverse engineering Web applications; risk assessment; security evaluation method; security knowledge checklist matching; security mechanism detection; security mechanism enhancement; source code; user security objectives; Access control; Authentication; Encryption; Reverse engineering; Software; reverse engineering; risk assessment; security evaluation; security mechanism; vulnerability;
Conference_Title :
Computer Software and Applications Conference Workshops (COMPSACW), 2014 IEEE 38th International
Conference_Location :
Vasteras
DOI :
10.1109/COMPSACW.2014.82