Commit a3a8032a authored by Vakama

add legal aspect to ch6

parent 4b315508
......@@ -118,7 +118,7 @@
\item Modified the data structure to storing it
\end{enumerate}
These three functions will be discussed in this section.
These three functions will be discussed in this section. If you'd like to check out the full coding of the tool, you can check out the Git project online (\cite{ProjectYD}).
\subsection{Request listening and extracting}
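Review bot: The sentence added after \end{enumerate} repeats itself ("If you'd like to check out the full coding of the tool, you can check out ...") and "coding" should be "source code"; something like "The full source code of the tool is available in the project's Git repository \cite{ProjectYD}." reads better in a report. With a numeric bibliography style the parentheses around \cite will render as "([n])", so drop them. The unchanged item above it, "Modified the data structure to storing it", could be fixed in the same pass.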
......
......@@ -22,3 +22,13 @@
\item Only detection is not enough for protect the application from XSS attack, if we want to protect the server, a filter can be added to clean up the suspicious input or encode it into a safe format (like HTMLencode() function). This tool only listen to the port, it can not manipulate the request data, but if we can modify the data, then a protection method can be added.
\item As this tool use pattern machine technique, it can be used in all kinds of attack that related to user input, like SQL injection and code execution. This can be added as future function of the tool.
\end{enumerate}
\section{Legal aspect}
There is one legal aspect about this project should be discussed. the main point is that our tool been build in this tool is a tool that is designed to be used for protect a server, not attacking one.
To make sure the tool won't be used for attacking a server, this tool use pycap package, which is Python package for internet package listening, it can only be used to log the package go through, not modifying it. this make sure that the tool can be used for changing the data in Package.
What's more, all the method been used in the program are not able to modify the data except the data in the file been created by the tool and the MySQL table created by this tool. So the tools won't change the data except data not related to the file.
In conclusion, the tool only has the ability to listen to the package, not modifying it, and the tool can only make changes to the data in that is related to this program, so it could not be used for attack a server as it is not designed to be able to do it.
\ No newline at end of file
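Review bot: The last sentence of the second paragraph of the new Legal aspect section says the opposite of what the section argues: "this make sure that the tool can be used for changing the data in Package" should read "cannot be used", and the closing clause of the third paragraph ("won't change the data except data not related to the file") is inverted in the same way. The text writes "package" for network "packet" throughout, which collides with "Python package" in the same sentence; please also check the name "pycap" against what the code actually imports and add a citation for it. The section argues only that the tool cannot modify traffic; since the tool logs the requests it listens to, a sentence on who is authorised to capture that traffic and how the logged data is handled would make the legal argument complete. The file now ends without a trailing newline.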
......@@ -17,6 +17,14 @@ note = {Aviliable:\\ \url{https://www.cvedetails.com/vulnerabilities-by
note = {Aviliable:\\ \url{https://dev.mysql.com/doc/refman/8.0/en/char.html}, accessed on September 12, 2020},
}
@misc{ProjectYD,
author = "{Yang Ding}",
title = {A detection method for cross-site scripting},
howpublished = {[online]},
year = {2020},
note = {Aviliable:\\ \url{https://git.soton.ac.uk/yd4u19/msc-project_yd}, accessed on September 15, 2020},
}
@misc{OWASP,
author = "{The Open Web Application Security Project}",
title = {OWASP Top Ten},
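Review bot: "Aviliable" in the note field of the new ProjectYD entry is a misspelling of "Available"; the two neighbouring note lines visible in this hunk carry the same typo and can be fixed together. The "\\" inside the note forces a line break in the rendered reference, so consider writing note = {Available: \url{...}, accessed on September 15, 2020} instead. howpublished = {[online]} carries no information beyond what the URL already shows and could be dropped or replaced by the hosting service name.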
......