Optimum tuning of defense settings for common attacks on the web applications

Tsai, Dwen-Ren; Chang, Allen Y.; Liu, Peichi; Chen, Hsuan-Chang

doi:10.1109/ccst.2009.5335560

Cited by 10 publications

(4 citation statements)

References 1 publication

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Unlike traditional desktop systems, web applications suffer native vulnerabilities due to their architecture and also due to the fact that they are exposed to a wider audience. Recently research indicates that among all attacks, SQL Injection and Cross-Site Scripting attack are the most common and most serious attacks [11].…”

Section: Risks Affecting Web Applicationsmentioning

confidence: 99%

See 1 more Smart Citation

Web Security and Log Management: An Application Centric Perspective

Kahonge

Okello-Odongo

Miriti

et al. 2013

JIS

View full text Add to dashboard Cite

The World Wide Web has been an environment with many security threats and lots of reported cases of security breaches. Various tools and techniques have been applied in trying to curb this problem, however new attacks continue to plague the Internet. We discuss risks that affect web applications and explain how network-centric and host-centric techniques, as much as they are crucial in an enterprise, lack necessary depth to comprehensively analyze overall application security. The nature of web applications to span a number of servers introduces a new dimension of security requirement that calls for a holistic approach to protect the information asset regardless of its physical or logical separation of modules and tiers. We therefore classify security mechanisms as either infrastructure-centric or application-centric based on what asset is being secured. We then describe requirements for such application-centric security mechanisms.

show abstract

Section: Risks Affecting Web Applicationsmentioning

confidence: 99%

“…Cross-Site Scripting is mainly intended to attack the user of a website and by utilizing the property of the website that allows users to enter data [11]. Here a hacker enters part of HTML syntax or Java/VB Script syntax as a data in a data entry form such as a blog page.…”

Section: Inherent Weakness Of Web Scriptmentioning

confidence: 99%

Web Security and Log Management: An Application Centric Perspective

Kahonge

Okello-Odongo

Miriti

et al. 2013

JIS

View full text Add to dashboard Cite

show abstract

“…Future work includes plans to analyze the possibility of merging WASP with current Open Source Web Application Firewalls (WAF) [42]- [45]. WAF is a technique that is worthy of future research, considering there is little information on how to create a WAF, how to use a WAF, or how to configure a WAF.…”

Section: Future Workmentioning

confidence: 99%

A Structured Analysis of SQL Injection Runtime Mitigation Techniques

Steiner

Leon

Alves-Foss

2017

Proceedings of the 50th Hawaii International Conference on System Sciences (2017)

View full text Add to dashboard Cite

Abstract-SQL injection attacks (SQLIA) still remain one of the most commonly occurring and exploited vulnerabilities. A considerable amount of research concerning SQLIA mitigation techniques has been conducted with the primary resulting solution requiring developers to code defensively. Although, defensive coding is a valid solution, the current market demand for websites is being filled by inexperienced developers with little knowledge of secure development practices. Unlike the successful case of ASLR, no SQLIA runtime mitigation technique has moved from research to enterprise use. This paper presents an in-depth analysis and classification, based on Formal Concept Analysis, of the 10 major SQLIA runtime mitigation techniques. Based on this analysis, one technique was identified that shows the greatest potential for transition to enterprise use. This analysis also serves as an enhanced SQLIA mitigation classification system. Future work includes plans to move the selected SQLIA runtime mitigation technique closer to enterprise use.

show abstract

“…A study suggests that SQL Injection and cross-web site scripting are the most usual and most critical assaults (Tsai et al , 2009). These pages often contain scripting code to be executed dynamically within a web browser.…”

Section: Web Application Overviewmentioning

confidence: 99%

Government Web Application Security: Issues and Challenges - A Case of India

Rao¹

2016

IJCATR

View full text Add to dashboard Cite

Abstract:The public services offered by the government are trustworthy, for that reason the government needs to understand various threats, vulnerabilities, and trends in order to protect the citizen database and offered services. This paper studied various acts, rules, policies, guidelines and standards adopted by the government departments for development of design, development & deployment of web-based applications and cited various problems related to coding, manpower and funding issues as a case of India. This study shows, the majority of government departments is developing and audited web applications before hosting on the public domain. But, for this most departments have to depend on the private organizations. This drawback arises in the government departments because of lack of certified or educated staff. Thus the government departments ought to train their staff along with administrators in information security from time to time. This will ensure making improvements to the internal protection and reduce the dependency on private organization tremendously.

show abstract

Optimum tuning of defense settings for common attacks on the web applications

Cited by 10 publications

References 1 publication

Web Security and Log Management: An Application Centric Perspective

Web Security and Log Management: An Application Centric Perspective

A Structured Analysis of SQL Injection Runtime Mitigation Techniques

Government Web Application Security: Issues and Challenges - A Case of India

Contact Info

Product

Resources

About