DC Field | Value | Language |
---|---|---|
dc.contributor.advisor | Lim, Chaeho | - |
dc.contributor.advisor | 임채호 | - |
dc.contributor.advisor | Kim, Myungchul | - |
dc.contributor.advisor | 김명철 | - |
dc.contributor.author | Hong, Hyun Wook | - |
dc.contributor.author | 홍현욱 | - |
dc.date.accessioned | 2017-03-29T02:41:23Z | - |
dc.date.available | 2017-03-29T02:41:23Z | - |
dc.date.issued | 2013 | - |
dc.identifier.uri | http://library.kaist.ac.kr/search/detail/view.do?bibCtrlNo=657359&flag=dissertation | en_US |
dc.identifier.uri | http://hdl.handle.net/10203/221952 | - |
dc.description | Thesis (Master's) - Korea Advanced Institute of Science and Technology (KAIST): Graduate School of Information Security, 2013.8, [iv, 23 p.] | - |
dc.description.abstract | As modern web applications began to reflect user input to generate dynamic content, Cross-Site Scripting (XSS) attacks gained popularity. An XSS vulnerability is caused by improperly validating user input, and thus allows the injection of malicious client-side script. In response to its overwhelming popularity, a lot of research has been done to mitigate XSS vulnerabilities. Unfortunately, XSS issues in rich internet applications have not been studied as much as those in regular web applications. In this thesis, we show XSS attacks against Adobe Flash applications, one of the most popular kinds of rich internet application. In order to emphasize the risk of XSS in rich internet applications, we implemented an automated XSS vulnerability analysis system to automatically discover vulnerable Flash applications that are being served on the Web. Our system discovered vulnerable Flash applications on domestic portal sites. We also tried uploading script-injected Flash applications to both domestic and foreign blog hosting sites to test the XSS attacks, and the sites were also vulnerable to those attacks. An XSS attack can be extended to a variety of attacks, such as session hijacking, URL redirection, malware installation, key logging and so on. By exploiting vulnerable Flash applications found on portal sites in Korea, this thesis demonstrated that it is possible to access other users' private information with the hijacked session. We notified the administrator of the portal site to have this security flaw fixed. In order to prevent this XSS attack, any external input to a Flash application must be validated upon its arrival. Especially in environments where the user can easily customize the page content, such as blog hosting sites, Flash applications must be considered a potential security threat. The execution of external script must be controlled by proper sanitization of the input values, as it may affect a large number of visitors. | - |
dc.language | eng | - |
dc.publisher | Korea Advanced Institute of Science and Technology (KAIST) | - |
dc.subject | Script Injection Attack | - |
dc.subject | Cross-site Scripting | - |
dc.subject | XSS | - |
dc.subject | Rich Internet Application | - |
dc.subject | Flash | - |
dc.subject | 스크립트 주입 공격 | - |
dc.subject | 크로스 사이트 스크립팅 | - |
dc.subject | 리치 인터넷 애플리케이션 | - |
dc.subject | 플래시 | - |
dc.title | Script injection attacks in rich internet application | - |
dc.title.alternative | 리치 인터넷 애플리케이션에서의 스크립트 주입 공격 | - |
dc.type | Thesis(Master) | - |
dc.identifier.CNRN | 325007 | - |
dc.description.department | Korea Advanced Institute of Science and Technology (KAIST): Graduate School of Information Security | - |