ISBN: (print) 9781467365406
The latest advancements in internet and communication technology have made day-to-day life fully dependent on web applications, as all facilities are available at just one click. Cyber-attacks based on network failure, data breaches, computer viruses and other malicious content have affected the security of web applications, and there is always a risk of information theft or tampering. Cross-site scripting is one of the application-layer vulnerabilities that targets web applications by embedding scripts in a web page that get executed at the client side or server side, letting the attacker manipulate the information in the desired manner. This paper provides a 'Positive Security Model' based server-side solution to protect web applications and their users from XSS and provides the flexibility to be integrated at any stage of development.
ISBN: (print) 9781467365376
Nowadays, with the rapid development of the Internet, the use of the web is increasing and web applications have become a substantial part of people's daily life (e.g. E-Government, E-Health and E-Learning), as they permit users to seamlessly access and manage information. The main security concern for e-business is web application security. Web applications have many vulnerabilities such as Injection, Broken Authentication and Session Management, and Cross-site scripting (XSS). Subsequently, web applications have become targets of hackers, and a lot of cyber attacks began to emerge in order to block the services of these web applications (Denial of Service Attack). Developers are not aware of these vulnerabilities and do not have enough time to secure their applications. Therefore, there is a significant need to study and improve attack detection for web applications by determining the most significant factors for detection. To the best of our knowledge, there is no research that summarizes the influential factors in detecting web attacks. In this paper, the author studies state-of-the-art techniques and research related to web attack detection: the author analyses and compares different methods of web attack detection and summarizes the most important factors for web attack detection independent of the type of vulnerability. At the end, the author gives recommendations for building a framework for web application protection.
Nowadays, most people use the internet for business and commercial purposes. This advancement of technology makes our daily life better, but there are many risks due to some web application vulnerabilities. Cr...
ISBN: (print) 9783642001987
With the increasingly important role of web applications in online services and business systems, vulnerabilities such as SQL Injection have become serious security threats. Finding these vulnerabilities by manual testing is a time-consuming and error-prone practice that may result in some potential vulnerabilities being missed because some execution branches are missed. In this paper, we describe an automatic security testing method to find vulnerabilities in web applications; this method utilizes test data generation techniques to improve code coverage. Our security testing involves automatic attack request generation and automatic security checking using a dynamic tainting technique that detects dangerous content originating from untrustworthy sources in commands and outputs. Automatic constraint-based test data generation helps to create test data for executing program branches that may have remained unexecuted in previous tests. The experimental results indicate that our method is effective at finding new vulnerabilities, and test data generation may help to improve the effectiveness of detection.
ISBN: (print) 9780769533247
This paper focuses on the different challenges of designing a security-typed web scripting language. It uses the type system approach on a simple imperative language that captures a subset of the security-typed web language constructs to express the security properties that must hold in the language with respect to its formal semantics, to prevent insecure information flow in web application systems and hence the common web application security vulnerabilities.