{"created":"2025-01-18T23:45:26.823899+00:00","updated":"2025-01-21T12:03:31.405834+00:00","metadata":{"_oai":{"id":"oai:ipsj.ixsq.nii.ac.jp:00099412","sets":["1164:1384:7508:7509"]},"path":["7509"],"owner":"11","recid":"99412","title":["既存Webアプリケーションの入力処理の脆弱性調査と対策"],"pubdate":{"attribute_name":"公開日","attribute_value":"2014-03-12"},"_buckets":{"deposit":"0fe5a47f-9995-4bd2-95ea-2a1cb7dfd48d"},"_deposit":{"id":"99412","pid":{"type":"depid","value":"99412","revision_id":0},"owners":[11],"status":"published","created_by":11},"item_title":"既存Webアプリケーションの入力処理の脆弱性調査と対策","author_link":["0"],"item_titles":{"attribute_name":"タイトル","attribute_value_mlt":[{"subitem_title":"既存Webアプリケーションの入力処理の脆弱性調査と対策"}]},"item_keyword":{"attribute_name":"キーワード","attribute_value_mlt":[{"subitem_subject":"Webアプリケーション","subitem_subject_scheme":"Other"}]},"item_type_id":"4","publish_date":"2014-03-12","item_4_text_3":{"attribute_name":"著者所属","attribute_value_mlt":[{"subitem_text_value":"情報セキュリティ大学院大学"},{"subitem_text_value":"情報セキュリティ大学院大学"}]},"item_4_text_4":{"attribute_name":"著者所属(英)","attribute_value_mlt":[{"subitem_text_value":"INSTITUTE of INFORMATION SECURITY","subitem_text_language":"en"},{"subitem_text_value":"INSTITUTE of INFORMATION SECURITY","subitem_text_language":"en"}]},"item_language":{"attribute_name":"言語","attribute_value_mlt":[{"subitem_language":"jpn"}]},"item_publisher":{"attribute_name":"出版者","attribute_value_mlt":[{"subitem_publisher":"情報処理学会","subitem_publisher_language":"ja"}]},"publish_status":"0","weko_shared_id":-1,"item_file_price":{"attribute_name":"Billing file","attribute_type":"file","attribute_value_mlt":[{"url":{"url":"https://ipsj.ixsq.nii.ac.jp/record/99412/files/IPSJ-SE14183002.pdf"},"date":[{"dateType":"Available","dateValue":"2016-03-12"}],"format":"application/pdf","billing":["billing_file"],"filename":"IPSJ-SE14183002.pdf","filesize":[{"value":"883.2 kB"}],"mimetype":"application/pdf","priceinfo":[{"tax":["include_tax"],"price":"660","billingrole":"5"},{"tax":["include_tax"],"price":"330","billingrole":"6"},{"tax":["include_tax"],"price":"0","billingrole":"12"},{"tax":["include_tax"],"price":"0","billingrole":"44"}],"accessrole":"open_date","version_id":"ca56b84a-13b8-4320-9473-4d3d43801d39","displaytype":"detail","licensetype":"license_note","license_note":"Copyright (c) 2014 by the Information Processing Society of Japan"}]},"item_4_creator_5":{"attribute_name":"著者名","attribute_type":"creator","attribute_value_mlt":[{"creatorNames":[{"creatorName":"木村勇一"},{"creatorName":"後藤厚宏"}],"nameIdentifiers":[{}]}]},"item_4_source_id_9":{"attribute_name":"書誌レコードID","attribute_value_mlt":[{"subitem_source_identifier":"AN10112981","subitem_source_identifier_type":"NCID"}]},"item_4_textarea_12":{"attribute_name":"Notice","attribute_value_mlt":[{"subitem_textarea_value":"SIG Technical Reports are nonrefereed and hence may later appear in any journals, conferences, symposia, etc."}]},"item_resource_type":{"attribute_name":"資源タイプ","attribute_value_mlt":[{"resourceuri":"http://purl.org/coar/resource_type/c_18gh","resourcetype":"technical report"}]},"item_4_description_7":{"attribute_name":"論文抄録","attribute_value_mlt":[{"subitem_description":"本研究は，Web アプリケーション （WebAP） の入力処理の脆弱性に注目し，現在の開発手法に適用可能な対策方法を考察したものである．WebAP に対する古典的な攻撃手法であるパラメタ改ざんのうち，サーバが取り込み対象としているパラメタならばクライアントサイドからパラメタが見えなくてもパラメタが取り込まれることを利用した負のパラメタ改ざん攻撃と呼ばれる攻撃がある．このような攻撃は国内外ともに注目されることは少なかったが，近年，WebAP 開発に用いられる WebAP フレームワークや自動生成ツールの組み合わせ利用の増加によって，入力処理の脆弱性が発生する懸念があり，負のパラメタ改ざん攻撃を受ける可能性がある．そこで本研究では Java で検証用 WebAP を構築し，これを用いて脆弱性の原因調査を行い，入力処理の脆弱性の対策について対策方法を実装し検証を行った．その結果，単一の方法では十分な対策が困難であることが分かった．十分な対策を行うためには，適用する WebAP ごとにいくつかある対策方法を組み合わせることが重要となる．","subitem_description_type":"Other"}]},"item_4_biblio_info_10":{"attribute_name":"書誌情報","attribute_value_mlt":[{"bibliographicPageEnd":"8","bibliographic_titles":[{"bibliographic_title":"研究報告ソフトウェア工学（SE）"}],"bibliographicPageStart":"1","bibliographicIssueDates":{"bibliographicIssueDate":"2014-03-12","bibliographicIssueDateType":"Issued"},"bibliographicIssueNumber":"2","bibliographicVolumeNumber":"2014-SE-183"}]},"relation_version_is_last":true,"weko_creator_id":"11"},"id":99412,"links":{}}