Analysis of Web Security Using Open Web Application Security Project 10

Helmiawan, Muhammad Agreindra; Firmansyah, Esa; Fadil, Irfan; Sofivan, Yanvan; Mahardika, Fathoni; Guntara, Agun

doi:10.1109/citsm50537.2020.9268856

Cited by 10 publications

(7 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Attacks are also parsed, which involves classification by type and then aggregation by geospatial data. Attack classification by type is performed by OWASP [15] using a set of ModSecurity Core Rule Set [16] developed for web applications to identify cyber threats. The GSec GSec program suite in the Go and C languages serves to process the attacks, which carries out an automated attack type classification and aggregation of data in different time intervals.…”

Section: Methodsmentioning

confidence: 99%

Analysis Of the Behavior of Cyberattacks on Online Services Using the Cyber Threat Classification

Vladislavovich¹,

Dmitrievich²

2022

J Syst Eng Inf Technol

View full text Add to dashboard Cite

The paper contains a study of the dynamics of attacks on online services using the categorization of cyber threats by type in the corporate network of the Krasnoyarsk Scientific Center of the Siberian Branch of the Russian Academy of Sciences. The study was conducted using online service logs and allows solving pressing issues related to ensuring the built-in security of web services, such as: identifying both current and future cybersecurity risks. A summary of the most important logging and analysis techniques is provided. The authors describe the nature and content of the data sources and the software used. The extensive observation period of the study is one of its outstanding features. The structure of the processing system is provided and software tools for attack analysis and categorization are created. The paper shows that using categorized sampling allows for the detection of periodicity and the identification of patterns in specific types of attacks. A correlation matrix was created based on the type of attack. Except for Command Injection, Directory Browsing, and Java Code Injection attacks, which can be aggregated, the research found that most attack types had poor correlation. Based on the classification of cyber threats, the authors proposed a heuristic technique of risk comparison.

show abstract

Section: Methodsmentioning

confidence: 99%

Analysis Of the Behavior of Cyberattacks on Online Services Using the Cyber Threat Classification

Vladislavovich¹,

Dmitrievich²

2022

J Syst Eng Inf Technol

View full text Add to dashboard Cite

show abstract

“…The top ten most critical security risks [11] are regularly published for the companies and developers to raise the awareness of web application security in order to reduce the damage caused by potential vulnerabilities of applications. However, accordingly, there are recommended programming patterns that help the users to repair the unsafe configurations and minimize the risks [12].…”

Section: Terminology and Threats In Web Securitymentioning

confidence: 99%

Improving Security of Web Servers in Critical IoT Systems through Self-Monitoring of Vulnerabilities

Song

García-Valls

2022

Sensors

View full text Add to dashboard Cite

IoT (Internet of Things) systems are complex ones that may comprise large numbers of sensing and actuating devices; and servers that store data and further configure the operation of such devices. Usually, these systems involve real-time operation as they are closely bound to particular physical processes. This real-time operation is often threatened by the security solutions that are put in place to alleviate the ever growing attack surface in IoT. This paper focuses on critical IoT domains where less attention has been paid to the web security aspects. The main reason is that, up to quite recently, web technologies have been considered unreliable and had to be avoided by design in critical systems. In this work, we focus on the server side and on how attacks propagate from server to client as vulnerabilities and from client to unprotected servers; we describe the concerns and vulnerabilities introduced by the intensive usage of web interfaces in IoT from the server templating engines perspective. In this context, we propose an approach to perform self monitoring on the server side, propagating the self monitoring to the IoT system devices; the aim is to provide rapid detection of security vulnerabilities with a low overhead that is transparent to the server normal operation. This approach improves the control over the vulnerability detection. We show a set of experiments that validate the feasibility of our approach.

show abstract

“…Jinfeng et al [11], a case study is conducted for vulnerability scanners using the OWASP tool. Helmiawan et al [12] examined the security of the web using Open Web Application Security Project 10. Wijaya et al [13] suggested a web-based dashboard for monitoring penetration testing based on OWASP standards.…”

Section: Related Workmentioning

confidence: 99%

Penetration Testing Analysis with Standardized Report Generation

Barik¹,

Abirami²,

Das³

et al. 2021

Atlantis Highlights in Computer Sciences

View full text Add to dashboard Cite

Penetration testing is a mirrored cyber-attack defined for identifying vulnerabilities and flaws in a computer system/Network/Web application-the organization appoints experts to conduct the test and present the details for deeper interpretation. One of the critical components of securing the network is to perform penetration tests of the network and web applications. In this paper, the industry-known OWASP (Open Web Application Security Project) vulnerability tool and three vulnerable web applications in a lab setup are explored and presented with a detailed analysis. Further, three penetration test reports are selected, and comprehensive analysis and reports are generated from the proposed setup. After the observation, it's understood that there is a lack of standardization format of the penetration testing reports. Therefore, this paper presents a format that will cater to the understanding of domain knowledge experts, decision-making bodies, and board members of the top executives of an organization for making further decisions on improving the robustness of their network and web applications.

show abstract

Analysis of Web Security Using Open Web Application Security Project 10

Cited by 10 publications

References 16 publications

Analysis Of the Behavior of Cyberattacks on Online Services Using the Cyber Threat Classification

Analysis Of the Behavior of Cyberattacks on Online Services Using the Cyber Threat Classification

Improving Security of Web Servers in Critical IoT Systems through Self-Monitoring of Vulnerabilities

Penetration Testing Analysis with Standardized Report Generation

Contact Info

Product

Resources

About