2014
DOI: 10.1186/1678-4804-20-4
|View full text |Cite
|
Sign up to set email alerts
|

An automated black box approach for web vulnerability identification and attack scenario generation

Abstract: International audienceWeb applications have become increasingly vulnerable and exposed to malicious attacks that could affect essential properties of information systems such as confidentiality, integrity, or availability. To cope with these threats, it is necessary to develop efficient security protection mechanisms and assessment techniques (firewall, intrusion detection system, Web scanner, etc.). This paper presents a new methodology, based on Web page clustering techniques, that is aimed at identifying th… Show more

Help me understand this report

Search citation statements

Order By: Relevance

Paper Sections

Select...
2
1
1
1

Citation Types

0
14
0
1

Year Published

2015
2015
2023
2023

Publication Types

Select...
6
3

Relationship

0
9

Authors

Journals

citations
Cited by 25 publications
(15 citation statements)
references
References 6 publications
0
14
0
1
Order By: Relevance
“…The methodology presented in the article is not intended to be applied in documents explaining methodologies (e.g. Akrout et al [1]). The methodology is related to the documentation of their pragmatic application at the operators level, with intra-organization scope.…”
Section: Discussionmentioning
confidence: 99%
“…The methodology presented in the article is not intended to be applied in documents explaining methodologies (e.g. Akrout et al [1]). The methodology is related to the documentation of their pragmatic application at the operators level, with intra-organization scope.…”
Section: Discussionmentioning
confidence: 99%
“…Online detection is also called real-time detection, which means a scanner will be immediately alerted and processed once its scanning behavior is detected. In addition, some literatures focus on the design and implementation of scanners [3][4][5][6][7][8], which are helpful to understand the mechanism of these scanners and to extract the fingerprint and behavioral characteristics of scanners.…”
Section: Related Workmentioning
confidence: 99%
“…Based on clustering techniques, a methodology has been developed aiming to identify web application vulnerability. They developed Wasapy vulnerability scanner and compared the result with W3af 1.1, Skipfish 1.9.6b, and Wapiti 2.2.1 focusing on code injection type vulnerability [9]. A method proposed to create test input using attack pattern with applying permutation and combination algorithm for several SQL injection [23].A sample prototype implementation with Open Web Application Security (OWASP) enterprise security application API based on Rapid Application Development (RAD) methodology to minimize web application flaws and prevent from critical malicious attacks [24].…”
Section: Literature Reviewmentioning
confidence: 99%