• Title/Summary/Keyword: Servlet Filter

Link-E-Param : A URL Parameter Encryption Technique for Improving Web Application Security (Link-E-Param : 웹 애플리케이션 보안 강화를 위한 URL 파라미터 암호화 기법)

  • Lim, Deok-Byung; Park, Jun-Cheol
    • The Journal of Korean Institute of Communications and Information Sciences / v.36 no.9B / pp.1073-1081 / 2011
  • A URL parameter can hold some information that is confidential or vulnerable to illegitimate tampering. We propose Link-E-Param (Link with Encrypted Parameters) to protect the whole URL parameter names as well as their values. Unlike other techniques concealing only some of the URL parameters, it will successfully discourage attacks based on URL analysis to steal secret information on the Web sites. We implement Link-E-Param in the form of a servlet filter to be deployed on any Java Web server by simply copying a jar file and setting a few configuration values. Thus it can be used for any existing Web application without modifying the application. It also supports numerous encryption algorithms to choose from. Experiments show that our implementation induces only a 2~3% increase in user response time due to encryption and decryption, which is deemed acceptable.

Automatic Extraction of Component Collaboration in Java Web Applications by Using Servlet Filters and Wrappers (자바 웹 앱에서 서블릿 필터와 래퍼를 이용한 컴포넌트 협력 과정 자동 추출 기법)

  • Oh, Jaewon; Ahn, Woo Hyun; Kim, Taegong
    • KIPS Transactions on Software and Data Engineering / v.6 no.7 / pp.329-336 / 2017
  • As web apps have evolved faster and become more complex, their validation and verification have become essential for their development and maintenance. Efficient validation and verification require understanding of how web components collaborate with each other to meet user requests. Thus, this paper proposes a new approach to automatically extracting such collaboration when a user issues a request for a new page. The approach is dynamic and less sensitive to web development languages and technologies, compared to static extraction approaches. It considers an original web app as a black-box and does not change the app's behavior. The empirical evaluation shows that our approach can be applicable to extract component collaboration and understand the behavior of open source web apps.