A Solution for Automatically Malicious Web Shell and Web Application Vulnerability Detection

  • Van-Giap Le
  • Huu-Tung Nguyen
  • Dang-Nhac Lu
  • Ngoc-Hoa NguyenEmail author
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 9875)


According to Internet Live Stats, it is evident that organizations and developers are underestimating security issues on their system. In this paper, we propose a protective and extensible solution for automatically detecting both the Web application vulnerabilities and malicious Web shells. Based on the original THAPS, we proposed E-THAPS that has a new detecting mechanism, improved SQLi, XSS and vulnerable functions detecting capabilities. For malicious Web shell detection, taint analysis and pattern matching methods are selected as the main approach. The broad experiment that we performed showed our outstanding results in comparison with other solutions for detecting the Web application vulnerabilities and malicious Web shells.


Web application vulnerability Malicious Web shell Taint analysis Pattern matching SQLi detection XSS detection 


  1. 1.
    Kals, S., Kirda, E., Kruegel, C., Jovanovich, N.: SecuBat: a web vulnerability scanner. In: 15th International Conference on World Wide Web, pp. 247–256 (2006)Google Scholar
  2. 2.
    Jensen, T., Pedersen, H., Olesen, M.C., Hansen, R.R.: THAPS: automated vulnerability scanning of PHP applications. In: Jøsang, A., Carlsson, B. (eds.) NordSec 2012. LNCS, vol. 7617, pp. 31–46. Springer, Heidelberg (2012)CrossRefGoogle Scholar
  3. 3.
    Dahse, J.: RIPS - a static source code analyser for vulnerabilities in PHP scripts. In: Seminar Work at Chair for Network and Data Security (2010)Google Scholar
  4. 4.
    Sasi, R.: Web backdoors - attack, evasion and detection. In: C0C0N Sec Conference (2011)Google Scholar
  5. 5.
    Nguyen, N.-H.: Iris recognition for biometric passport authentication. VNU J. Sci. Nat. Sci. Technol. 26(1), 14–20 (2010)Google Scholar
  6. 6.
    Le, H.H., Nguyen, N.H., Nguyen, T.T.: Exploiting GPU for large scale fingerprint identification. In: Nguyen, N.T., Trawiński, B., Fujita, H., Hong, T.-P. (eds.) Intelligent Information and Database Systems. LNCS, vol. 9621, pp. 688–697. Springer, Heidelberg (2016)CrossRefGoogle Scholar
  7. 7. Accessed 26 April 2016
  8. 8.
    Web technology surveys. Accessed 15 April 2016
  9. 9.
    Dahse, J., Holz, T.: Static detection of second-order vulnerabilities in web applications. In: 23rd USENIX Security Symposium (USENIX Security 14), pp. 989–1003 (2014)Google Scholar
  10. 10.
    Starov, O., Dahse, J., Ahmad, S., Holz, T., Nikiforakis, N.: Thieves, no honor among: a large-scale analysis of malicious web shells. In: 25th International Conference on World Wide Web, pp. 1021–1032 (2016)Google Scholar
  11. 11.
    Global websecurity whitehat contest.

Copyright information

© Springer International Publishing Switzerland 2016

Authors and Affiliations

  • Van-Giap Le
    • 1
  • Huu-Tung Nguyen
    • 1
  • Dang-Nhac Lu
    • 1
  • Ngoc-Hoa Nguyen
    • 1
    Email author
  1. 1.VNU University of Engineering and TechnologyHanoiVietnam

Personalised recommendations