Web applications are the public-facing components of information systems, which makes them an easy entry point for various types of attacks. While it is often the responsibility of web developers to implement the proper security controls, it remains a challenge for them to develop a good understanding of the whole attack surface. This paper aims to understand developers' familiarity with a number of web attack and defense mechanisms. In particular, we conduct two different experiments: first, we employ a questionnaire to understand the perceived attack surface and the types of security controls that are usually considered; second, we design a Capture the Flag challenge that pushes the participants to discover as many attack points as possible on a given web application. Among several other observations, we find that one third of developers are not aware of the client's ability to intercept and modify every part of an HTTP request. Moreover, developers' attack awareness focuses on a limited set of attacks (such as Cross-site scripting and SQL injection), overlooking a large part of the attack surface.
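The finding about request tampering is worth seeing concretely. The following is an added example (not code from the paper or its experiments) that parses a constructed HTTP request in which the hidden price field and a role header have been rewritten by the client, then passes it to a handler that trusts those values and to a hardened handler that treats every request part as untrusted input. The catalog, the session store, the `/checkout` path and the `X-Role` header are all assumptions made for the illustration.

```python
"""Every part of an HTTP request (request line, headers, cookies, hidden form
fields) is attacker-controlled. Constructed example, not code from the paper."""
from urllib.parse import parse_qs

# Server-side truth the client must not be allowed to override (hypothetical data).
CATALOG = {"sku-42": 999.00}
SESSIONS = {"sess-abc": {"user": "alice", "role": "customer"}}


def parse_request(raw: bytes) -> dict:
    """Minimal HTTP/1.1 parser: request line, headers, Cookie header, form body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    method, path, version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    cookies = {}
    for part in headers.get("cookie", "").split(";"):
        if "=" in part:
            k, _, v = part.strip().partition("=")
            cookies[k] = v
    form = {k: v[0] for k, v in parse_qs(body.decode("iso-8859-1")).items()}
    return {"method": method, "path": path, "headers": headers,
            "cookies": cookies, "form": form}


def vulnerable_checkout(req: dict) -> dict:
    """Trusts the hidden 'price' field and an 'X-Role' header sent by the client.
    An intercepting proxy can rewrite both before the request reaches the server."""
    price = float(req["form"]["price"])
    qty = int(req["form"]["qty"])
    is_admin = req["headers"].get("x-role") == "admin"
    return {"total": price * qty, "is_admin": is_admin}


def hardened_checkout(req: dict) -> dict:
    """Derives price from the server-side catalog and the role from the server-side
    session keyed by the session cookie; client-supplied price/role are ignored."""
    sku = req["form"].get("sku", "")
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    qty = int(req["form"].get("qty", "0"))
    if not 1 <= qty <= 100:
        raise ValueError("invalid quantity")
    session = SESSIONS.get(req["cookies"].get("session", ""))
    if session is None:
        raise PermissionError("not authenticated")
    return {"total": CATALOG[sku] * qty, "is_admin": session["role"] == "admin"}


# Constructed request: price and role were tampered with on the client side.
TAMPERED_REQUEST = (
    b"POST /checkout HTTP/1.1\r\n"
    b"Host: shop.example\r\n"
    b"Cookie: session=sess-abc\r\n"
    b"X-Role: admin\r\n"
    b"Content-Type: application/x-www-form-urlencoded\r\n"
    b"\r\n"
    b"sku=sku-42&qty=1&price=0.01"
)

if __name__ == "__main__":
    req = parse_request(TAMPERED_REQUEST)
    print("vulnerable:", vulnerable_checkout(req))  # total 0.01, is_admin True
    print("hardened:  ", hardened_checkout(req))    # total 999.0, is_admin False
```

The hardened handler only needs the client to name a product and a quantity; everything that decides money or privilege is looked up on the server, which is the mental model the paper found a third of developers lacked.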
Software applications are subject to an increasing number of attacks, resulting in data breaches and financial damage. Many solutions have been considered to help mitigate these attacks, such as the integration of attack-awareness techniques. In this paper, we propose a taxonomy illustrating how existing attack awareness techniques can be integrated into applications. This work provides a guide for security researchers and developers, aiding them when choosing the approach which best fits the needs of their application.