Raymond Wu and Masayuki Hisada
Abstract
Purpose
The purpose of this paper is to propose a metadata‐driven approach and the associated technologies to deal with ever‐rising web security issues. The approach applies metadata techniques to envision semantic validation for new types of vulnerability.
Design/methodology/approach
A token decomposition design was applied to move analysis work to an abstract level. This novel approach can solve the issues by using a dual control method to perform vulnerability validation.
Findings
Current analysis lacks a metadata foundation, and vulnerabilities are invisible because of semantic obfuscation. This paper reflects the limitations of existing methods. It applies a metadata‐driven approach to move physical and syntax analysis into semantic validation.
Research limitations/implications
Currently, certain difficulties may be encountered in preparing benchmarks for the dual control process before development work is complete. However, this paper tries to create scenarios that can serve as a reference for evaluating the semantic validation.
Practical implications
In consideration of the optimized control and vulnerability rate, Structured Query Language (SQL) injection is taken as the example for demonstration. This approach targets large enterprises and high complexity, and the research intends to influence industry to generate common practices such as metadata standards and development tools.
Originality/value
This paper contributes originality in applying a metadata strategy to envision semantic structure. It further favours the service industry in building up a portfolio foundation in component‐based technologies. As new types of vulnerability can be precisely specified, the approach can minimize business impact and achieve efficient vulnerability detection.