Show simple item record

dc.creatorAljawarneh,Shadi
dc.creatorAlkhateeb,Faisal
dc.creatorAl Maghayreh,Eslam
dc.date2010-04-01
dc.date.accessioned2019-04-25T12:41:27Z
dc.date.available2019-04-25T12:41:27Z
dc.identifierhttps://scielo.conicyt.cl/scielo.php?script=sci_arttext&pid=S0718-18762010000100005
dc.identifier.urihttp://revistaschilenas.uchile.cl/handle/2250/61093
dc.descriptionAn Input validation can be a critical issue. Typically, a little attention is paid to it in a web development project, because overenthusiastic validation can tend to cause failures in the software, and can also break the security upon web applications such as an unauthorized access to data. Now, it is estimated the web application vulnerabilities (such as XSS or SQL injection) for more than two thirds of the reported web security vulnerabilities. In this paper, we start with a case study of the bypassing data validation and security vulnerabilities such as SQL injection and then go on to discuss the merits of a number of common data validation techniques. We also review the different solutions to date to provide data validation techniques in e-commerce applications. From this analysis, a new data validation service which is based upon semantic web Technologies, has been designed and implemented to prevent the web security vulnerabilities at the application level and to secure the web system even if the input validation modules are bypassed. Our semantic architecture consists of the following components: RDFa annotation for elements of web pages, interceptor, RDF extractor, RDF parser, and data validator. The experimental results of the pilot study indicate that the proposed data validation service might provide a detection, and prevention of some web application attacks.
dc.formattext/html
dc.languageen
dc.publisherUniversidad de Talca
dc.relation10.4067/S0718-18762010000100005
dc.rightsinfo:eu-repo/semantics/openAccess
dc.sourceJournal of theoretical and applied electronic commerce research v.5 n.1 2010
dc.subjectWeb Application
dc.subjectData Validation
dc.subjectVulnerabilities
dc.subjecte-Commerce
dc.subjectSQL injection
dc.subjectWeb system
dc.subjectOn the fly
dc.subjectData Tampering
dc.titleA Semantic Data Validation Service for Web Applications


This item appears in the following Collection(s)

Show simple item record