Full metadata record
DC FieldValueLanguage
dc.contributor.author蔡忠宏en_US
dc.contributor.authorChung-Hung Tsaien_US
dc.contributor.author黃世昆en_US
dc.contributor.authorShih-Kun Huangen_US
dc.date.accessioned2014-12-12T02:30:19Z-
dc.date.available2014-12-12T02:30:19Z-
dc.date.issued2002en_US
dc.identifier.urihttp://140.113.39.130/cdrfb3/record/nctu/#NT910392065en_US
dc.identifier.urihttp://hdl.handle.net/11536/70138-
dc.description.abstractWeb Application的設計缺失經常能引起系統問題,致使線上服務停擺,或是產生SQL Injection、Cross-Site Scripting..等網路攻擊的安全問題,而造成電子商務公司、政府機構的損失。為了能夠有效地預防這些問題的產生,因此我們提出了一個能自動化檢測Web Application設計缺失的機制並且實作了其測試平台。 而這個測試平台的設計理念則是基於我們於WWW2003會議所發表的論文” Web Application Security Assessment by Fault Injection and Behavior Monitoring”中所提出的方法,其利用了Software Fault Injection這種軟體工程的檢測技術來對於Web Application做安全評估,以找出系統中可能的安全缺陷。這篇碩士論文則將更深入的探討Web Application在套用 Fault Injection的相關議題,主要包括自動化測試的實現,以及提高測試效能的方法,同時我們將驗證這些方法確實是可行且有效的。zh_TW
dc.description.abstractSince Web Application flaw always causes system problems, such as SQL Injection and Cross-Site Scripting, and sometimes perplex e-business companies, government and many end users. In order to prevent the trouble caused by WA flaw, we require feasible and effective flaw detecting mechanism. In this thesis, we propose a novel automatic detecting mechanism and discuss related issues on the design of automatic testing platform. The mechanism of testing platform is based on our previous research in WWW2003 that applied a software engineering technique- Software Fault Injection for assessing Web application security. In this thesis, we’ll intensively discuss the related issues on applying Fault Injection to detect Web application flaw, including automatic Fault Injection and efficient Fault Injection. And we also demonstrate our method is feasible, effective and efficient.en_US
dc.language.isozh_TWen_US
dc.subjectWeb應用程式zh_TW
dc.subject軟體測試zh_TW
dc.subject錯誤殖入zh_TW
dc.subject資料隱碼zh_TW
dc.subject安全評估zh_TW
dc.subjectWeb Applicactionen_US
dc.subjectSoftware testingen_US
dc.subjectFault Injectionen_US
dc.subjectSQL Injecitonen_US
dc.subjectSecurity assessmenten_US
dc.subjectCross site scriptingen_US
dc.title一個Web 應用程式的錯誤殖入測試平台設計zh_TW
dc.titleThe Design of a Software Testing Platform- For Applying Fault Injection to Web Applicationsen_US
dc.typeThesisen_US
dc.contributor.department資訊科學與工程研究所zh_TW
Appears in Collections:Thesis