Title :
Investigations in Cross-site Script on Web-systems Gathering Digital Evidence against Cyber-Intrusions
Author :
Wang, Shiuh-Jeng ; Chang, Yao-Han ; Chiang, Wen-Ya ; Juang, Wen-Shenq
Author_Institution :
Central Police Univ., Taoyuan
Abstract :
With the Internet\´s rapid development, government agencies and other private companies are setting up websites for providing information and marketing. However, computer viruses and hackers are omnipresent on Internet. The injection attacks grew exponentially recently. SQL Injection, ASP Injection, PHP Injection are methods of attacks used. The nation\´s largest Blog website "Wretch" and the international largest friend\´s community website "MySpace" were attacked in recent years by Cross-Site Script (XSS) attacks. In this paper, we provide a scheme to know how to collect evidence after suffering XSS attacks from network systems. Furthermore, we give the management strategies to prevent XSS attacks from network intrusions.
Keywords :
Internet; Web sites; computer crime; computer viruses; ASP injection; Internet; PHP injection; SQL injection; Web site systems; Weblogs; computer viruses; cross-site script attacks; cyber-intrusions; digital evidence; Application software; Application specific processors; Computer crime; Forensics; Government; IP networks; Information filtering; Information management; Internet; Security;
Conference_Titel :
Future Generation Communication and Networking (FGCN 2007)
Conference_Location :
Jeju
Print_ISBN :
0-7695-3048-6
DOI :
10.1109/FGCN.2007.156
