论文信息 - A Penetration Testing Method for E-Commerce Authentication System Security

A Penetration Testing Method for E-Commerce Authentication System Security

E-Commerce systems are suffering more and more security issues. Vulnerabilities of authentication systems are revealed when various attacks and malicious abuses are developed and deployed to violate security of system and information. To improve the ability to defend authentication system against invasion and abuse, a novel penetration testing method for E-Commerce authentication system is proposed to scrutinize the vulnerabilities of e-Commerce authentication system and evaluate severity level of potential vulnerabilities. The penetration testing method is an active vulnerability analysis and verification method that can mimic active attacks and perform exploitations by constructing effective and concise penetration testing cases. Through analyzing dynamic taint propagation, the presented method can determine feasibility of the attacks and evaluate security of authentication system. The experiment demonstrates the proposed method can serve as a viable and effective candidate for security detection of authentication system.

Weihua Li | Wei Pan

[1] Walter Krämer,et al. C-XSC 2.0: A C++ Library for Extended Scientific Computing , 2003, Numerical Software with Result Verification.

[2] Euiin Choi,et al. A Rule-based Security Auditing Tool for Software Vulnerability Detection , 2006, 2006 International Conference on Hybrid Information Technology.

[3] Mary Lou Soffa,et al. Automated test data generation using an iterative relaxation method , 1998, SIGSOFT '98/FSE-6.

[4] David Brumley,et al. Vulnerability-Specific Execution Filtering for Exploit Prevention on Commodity Software , 2006, NDSS.

[5] Shuzlina Abdul Rahman,et al. Constraint satisfaction problem using modified branch and bound algorithm , 2008 .

[6] Alexander Aiken,et al. A Toolkit for Constructing Type- and Constraint-Based Program Analyses , 1998, Types in Compilation.

[7] Gerry V. Dozier,et al. Immunity-based intrusion detection system design, vulnerability analysis, and GENERTIA's genetic arms race , 2005, SAC '05.

[8] Weihua Li,et al. Reverse analysis and trustworthy control for operating system security , 2007, Other Conferences.