The architecture and industry applications of web security in static and dynamic analysis

Raymond Wu (Department of Research and Development, NST Inc., Aizuwakamatsu, Japan)
Masayuki Hisada (Department of Research and Development, NST Inc., Aizuwakamatsu, Japan)

Journal of Systems and Information Technology

ISSN: 1328-7265

Article publication date: 4 May 2010

Abstract

Purpose

The purpose of this paper is to propose a metadata‐driven approach and the associated technologies to deal with the ever‐rising web security issues. The approach applies metadata techniques to envision semantic validation for new types of vulnerability.

Design/methodology/approach

A token decomposition design was applied to move the analysis work to an abstract level. This novel approach can solve the issues by using a dual control method to perform vulnerability validation.

Findings

Current analysis lacks a metadata foundation, and vulnerabilities are invisible due to semantic obfuscation. This paper reflects the limitations of existing methods. It applies a metadata‐driven approach to move physical and syntax analysis into semantic validation.

Research limitations/implications

Currently, certain difficulties may be encountered in preparing benchmarking for the dual control process before completing development work. However, this paper tries to create scenarios which can serve as a reference to evaluate the semantic validation.

Practical implications

In consideration of the optimized control and vulnerability rate, Structured Query Language (SQL) injection is taken as the example for demonstration. This approach targets large enterprises and high complexity, and the research intends to influence industry to generate common practices such as metadata standards and development tools.

Originality/value

This paper contributes originality in applying a metadata strategy to envision semantic structure. It further favours the service industry in building up a portfolio foundation in component‐based technologies. As new types of vulnerability can be precisely specified, it can minimize business impact and achieve efficient vulnerability detection.

Citation

Wu, R. and Hisada, M. (2010), "The architecture and industry applications of web security in static and dynamic analysis", Journal of Systems and Information Technology, Vol. 12 No. 2, pp. 105-119. https://doi.org/10.1108/13287261011042912

Publisher

Emerald Group Publishing Limited

Copyright © 2010, Emerald Group Publishing Limited
