TY - JOUR
ID - SisLab3375
UR - https://link.springer.com/chapter/10.1007/978-3-662-58611-2_5
IS - XXXII
A1 - Le, Van Giap
A1 - Nguyen, Huu Tung
A1 - Pham, Duy Phuc
A1 - Nguyen, Ngoc Hoa
Y1 - 2018/12/19/
N2 - Web application/service is now omnipresent but its security risks, such as malware and vulnerabilities, are indeed underestimated. In this paper, we propose a protective, extensible and hybrid platform, named GuruWS, for automatically detecting both web application vulnerabilities and malicious web shells. Based on the original PHP vulnerability scanner THAPS, we propose E-THAPS which implements a novel detection mechanism, an improved SQL injection, Cross-site Scripting and vulnerability detection capabilities. For malicious web shell detection, taint analysis and pattern matching methods are chosen to be implemented in GuruWS. A number of extensive experiments are carried out to prove the outstanding performance of our proposed platform in comparison with several existing solutions in detecting either web application vulnerabilities or malicious web shells.
PB - Springer
JF - Transactions on Computational Collective Intelligence
VL - 11370
SN - 2190-9288
TI - GuruWS: A Hybrid Platform for Detecting Malicious Web Shells and Web Application Vulnerabilities
SP - 182
AV - none
EP - 208
ER -