Analyse de vulnérabilités et évaluation de systèmes de détection d'intrusions pour les applications Web

Web applications vulnerability analysis and intrusion detection systems assessment With the increasing development of Internet, Web applications have become increasingly vulnerable and exposed to malicious attacks that could affect essential properties such as confidentiality, integrity or availability of information systems. To cope with these threats, it is necessary to develop efficient security protection mechanisms and testing techniques (firewall, intrusion detection system, Web scanner, etc..). The question that arises is how to evaluate the effectiveness of such mechanisms and what means can be implemented to analyze their ability to correctly detect attacks against Web applications. This thesis presents a new methodology, based on web pages clustering, that is aimed at identifying the vulnerabilities of a Web application following a black box analysis of the target application. Each identified vulnerability is actually exploited to ensure that the identified vulnerability does not correspond to a false positive. The proposed approach can also highlight different potential attack scenarios including the exploitation of several successive vulnerabilities, taking into account explicitly the dependencies between these vulnerabilities. We have focused in particular on code injection vulnerabilities, such as SQL injections. The proposed method led to the development of a new Web vulnerability scanner and has been validated experimentally based on various vulnerable applications. We have also developed an experimental platform integrating the new web vulnerability scanner, that is aimed at assessing the effectiveness ofWeb applications intrusion detection systems, in a context that is representative of the threats that such applications face in operation. This platform integrates several tools that are designed to automate as much as possible the evaluation campaigns. It has been used in particular to evaluate the effectiveness of two intrusion detection techniques that have been developed by our partners of the collaborative project DALI, funded by the ANR, the French National Research Agency.

Data and Resources

Additional Info

Field Value
Source https://theses.hal.science/tel-00782565
Author Akrout, Rim
Maintainer CCSD
Last Updated May 14, 2026, 20:04 (UTC)
Created May 14, 2026, 20:04 (UTC)
Identifier tel-00782565
Language fr
Rights https://about.hal.science/hal-authorisation-v1/
contributor Équipe Tolérance aux fautes et Sûreté de Fonctionnement informatique (LAAS-TSF) ; Laboratoire d'analyse et d'architecture des systèmes (LAAS) ; Université Toulouse Capitole (UT Capitole) ; Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Institut National des Sciences Appliquées - Toulouse (INSA Toulouse) ; Institut National des Sciences Appliquées (INSA)-Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Institut National des Sciences Appliquées (INSA)-Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Université Toulouse - Jean Jaurès (UT2J) ; Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Université Toulouse III - Paul Sabatier (UT3) ; Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique (Toulouse) (Toulouse INP) ; Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Université Toulouse Capitole (UT Capitole) ; Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Institut National des Sciences Appliquées - Toulouse (INSA Toulouse) ; Institut National des Sciences Appliquées (INSA)-Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Institut National des Sciences Appliquées (INSA)-Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Université Toulouse - Jean Jaurès (UT2J) ; Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Université Toulouse III - Paul Sabatier (UT3) ; Communauté d'universités et établissements de Toulouse (Comue de Toulouse)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique (Toulouse) (Toulouse INP) ; Communauté d'universités et établissements de Toulouse (Comue de Toulouse)
creator Akrout, Rim
date 2012-10-18T00:00:00
harvest_object_id bce068ba-b235-4ad1-8be9-95c14136ed06
harvest_source_id 3374d638-d20b-4672-ba96-a23232d55657
harvest_source_title test moissonnage SELUNE
metadata_modified 2025-10-22T00:00:00
set_spec type:THESE