检索结果-内蒙古大学图书馆

An algorithm to find relationships between web vulnerabilities

JOURNAL OF SUPERCOMPUTING 2018年第3期74卷 1061-1089页

作者： Roman Munoz, Fernando Garcia Villalba, Luis Javier Univ Complutense Madrid Fac Informat Technol & Comp Sci Dept Software Engn & Artificial Intelligence DISI GASS Calle Prof Jose Garcia Santesmases9Ciudad Univ E-28040 Madrid Spain

Over the past years, there has been a high increase in web sites using cloud computing. Like usual web site, those web applications can have most of the common web vulnerabilities, like SQL injection or cross-site scripting. Therefore, cloud computing has become more attractive to cyber criminals. Besides, in many cases it is necessary to comply with regulations like PCI DSS or standards like ISO/IEC 27001. To face those threats and requirements it is a common task to analyze web applications to detect and correct their vulnerabilities. The most used tools to analyze web applications are automatic scanners. But it is difficult to comparatively decide which scanner is best or at least is best suited to detect a particular vulnerability. To evaluate scanner capabilities some evaluation criteria have been defined. Often a web vulnerability classification is also used to evaluate scanners, but current web vulnerability classifications do not usually include all vulnerabilities. To face evaluation criteria which are not up-to-date and to have the fullest possible classification, in this paper a new method to map web vulnerability classifications is proposed. The result will be the vulnerabilities an automatic scanner has to detect. As classifications change over time, this new method could be executed when the existing classifications change or when new classifications are developed. The vulnerabilities described this way can also be seen as a web vulnerability classification that includes all vulnerabilities in the classifications taken into account.

关键词： Cloud computing vulnerabilities Cyber-security Vulnerability classifications web vulnerabilities

来源：评论

学校读者我要写书评

暂无评论

A Survey on Detection and Prevention of web vulnerabilities

引用

INTERNATIONAL JOURNAL OF ADVANCED COMPUTER SCIENCE AND APPLICATIONS 2020年第6期11卷 521-540页

作者： Noman, Muhammad Iqbal, Muhammad Manzoor, Amir Bahria Univ Dept Comp Sci Karachi Campus Karachi Pakistan Southwest Jiaotong Univ Sch Informat Sci & Technol Chengdu Peoples R China Bahria Univ Dept Management Sci Karachi Pakistan

The Internet provides a vast range of benefits to society and empowers the users in a variety of ways to use web applications. Simply, the internet has become the most transformative and fast-growing technology ever built, but it also brings new security challenges to web services in internet applications because of the scattered and open nature of the internet. A simple vulnerability in the program code could favor/benefit an attacker to obtain unauthorized access and perform adversary actions. Hence, the security of web applications from a hacking attempt is of paramount importance. This paper focuses on a literature survey recapitulating security solutions and major vulnerabilities to promote further research by systemizing the existing methods, on a bigger horizon. The data is collected from an absolute of 86 primary studies that are taken from well-known digital libraries. Different methods comprising secure programming, static, Dynamic, Hybrid analysis, and machine learning classify the data from articles. The quantity of references or the significance of a developing strategy is kept in account while selecting articles. Overall, our survey suggests that there is no way to alleviate all the web vulnerabilities therefore more studies is desirable in the area of web information security. All methods' complexity is addressed and some recommendations regarding when to use the application of given methods are provided. Finally, we typify the experience gained and examine future research openings in web application security.

关键词： web security survey web vulnerabilities detection and prevention techniques

来源：评论

学校读者我要写书评

暂无评论

Predicting web vulnerabilities in web Applications Based on Machine Learning 1

引用

1st International Conference on Intelligent Technologies and Applications (INTAP)

作者： Khalid, Muhammad Noman Farooq, Humera Iqbal, Muhammad Alam, Muhammad Talha Rasheed, Kamran Bahria Univ Karachi Campus Karachi Pakistan

ISBN: (数字)9789811360527

ISBN: (纸本)9789811360527

Building a secure website is time-consuming, expensive and challenging task for web developers. Researchers to identify webpage sinks to address security efforts, as it helps to reduce time and money to secure web application, are introducing different web vulnerabilities prediction models. Some of the well-known web vulnerabilities are SQL Injection, Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF). Different machine learning methods are being employed by the existing vulnerability prediction models to prevent vulnerable components in web applications. However, majority of these methods cannot challenge all web vulnerabilities. Therefore, this paper proposed a method namely NMPREDICTOR to predict vulnerable files in website for vulnerability prediction as a classification problem by predicting legitimate or vulnerable code. In addition, it is an effort to employ the classification on different classifier of machine learning algorithms to judge elimination of vulnerable components. Numerous experiments have been conducted in our study to evaluate the performance of our proposed model. Through our proposed method, we have builds 6 classifiers on a training set of labeled files represented by their software metrics and text features. Additionally, we builds a Meta classifier, which combines the six underlying classifiers i. e. J48, Naive Bayes and Random forest. NMPREDICTOR is evaluated on datasets of three web applications, which offers 223 superior quality vulnerabilities found in PHPMyAdmin, Moodle and Drupal. Our proposed method shows a clearly has an advantage over results of existing studies in case of Drupal, PhpMyAdmin and Moodle.

关键词： Vulnerable file Machine learning Text mining web vulnerabilities

来源：评论

学校读者我要写书评

暂无评论

A clustering approach for web vulnerabilities detection

A clustering approach for web vulnerabilities detection

引用

17th IEEE Pacific Rim International Symposium on Dependable Computing (PRDC)

作者： Dessiatnikoff, A. Akrout, R. Alata, E. Kaaniche, M. Nicomette, V. CNRS LAAS 7 Ave Colonel Roche F-31077 Toulouse France Univ Toulouse LAAS INSA ISAE F-31077 Toulouse France

ISBN: (纸本)9780769545905

This paper presents a new algorithm aimed at the vulnerability assessment of web applications following a black-box approach. The objective is to improve the detection efficiency of existing vulnerability scanners and to move a step forward toward the automation of this process. Our approach covers various types of vulnerabilities but this paper mainly focuses on SQL injections. The proposed algorithm is based on the automatic classification of the responses returned by the web servers using data clustering techniques and provides especially crafted inputs that lead to successful attacks when vulnerabilities are present. Experimental results on several vulnerable applications and comparative analysis with some existing tools confirm the effectiveness of our approach.

关键词： web security assessment security scanners web vulnerabilities clustering dynamic analysis

来源：评论

学校读者我要写书评

暂无评论

Impact of secure programming on web application vulnerabilities

Impact of secure programming on web application vulnerabilit...

引用

IEEE International Conference on Computer Graphics, Vision and Information Security (CGVIS)

作者： Rexha, Blerim Halili, Arbnor Rrmoku, Korab Imeraj, Dren Univ Prishtina Fac Elect & Comp Engn Prishtina Kosovo

ISBN: (纸本)9781467374378

Nowadays all organizations tend to shift their daily business processes into web. This shifting requires from web developer's detailed knowledge about security techniques, such as Structured Query Language (SQL) injection and Cross Site Scripting Attack (XSS), otherwise the data managed and protected by web application could be exposed to not authorized parties. This paper aims to link and measure the impact of security techniques used by web developers for avoiding the vulnerabilities in web applications. We conducted a survey about the level of applicability of security techniques during web development and conducted a penetration testing for more than 110 local web sites. We discovered many vulnerabilities in these web sites and we linked the results with survey outcome.

关键词： web security security scanners web vulnerabilities SQL injection XSS attack

来源：评论

学校读者我要写书评

暂无评论

Unveiling XSS Threats: A Bipartite Graph Approach with Ensemble Deep Learning for Enhanced Detection

引用

INFORMATION 2025年第2期16卷 97-97页

作者： Alorainy, Wafa Shaqra Univ Durma Coll Sci & Humanities Shaqra 11961 Saudi Arabia

Cross-Site Scripting (XSS) attacks are a common source of vulnerability for web applications, necessitating scalable mechanisms for detection. In this work, a new method based on bipartite graph-based feature extraction and an ensemble learning classifier containing CNN, LSTM, and GRU is introduced. Our proposed bipartite graph model is novel as the payloads constitute the first set, while the words constructing the payloads comprise the second set. This representation allows structural and contextual dependencies to be extracted so the model can recognize complex and obfuscated XSS payloads. Our method surpasses state-of-the-art methods by having 99.97% detection accuracy. It has a significantly increased ability to detect complicated payload variations by utilizing co-occurrence patterns and interdependence between smaller payload parts through the adoption of these bipartite features. In addition to improving the F1-score, recall, and precision associated with such methods, it also demonstrates the adaptability of graph-based representation in cybersecurity applications. Our findings highlight the possibility of integrating ensemble classifiers and refined feature engineering into a scalable, precise XSS detection system.

关键词： cross-site scripting attacks bipartite graph machine learning deep learning artificial neural networks web vulnerabilities cybersecurity attack detection

来源：评论

学校读者我要写书评

暂无评论

web Vulnerability Scanner 5th

Web Vulnerability Scanner

引用

5th International Conference on Advances in Information Communication Technology and Computing, AICTC 2024

作者： Kumaran, U. Sree, Pothireddy Sneha Udaya Sree, S. Sowgandhi, Vadlamudi Krishna Balasubramanian, Sundaravadivazhagn Amrita School of Computing Amrita Vishwa Vidyapeetham Bengaluru India University of Technology and Applied Sciences Al Mussanah Oman

ISBN: (纸本)9789819761050

A web vulnerabilities Scanner scans the website’s web pages for comprehensive vulnerabilities. The recently constructed web application is a dynamic site that necessitates frequent changes for both clients and the developer. The ultimate goal of the project is to uncover vulnerabilities in the relevant websites. Client-side submission of unexpected inputs is used for exploiting an extensive range of web application vulnerabilities. While it is evident that these vulnerabilities are complicated and extensive, it is unclear why, after more than a decade of work, they remain so ubiquitous. This study explores numerous types of techniques for addressing this type of danger. © The Author(s), under exclusive license to Springer Nature Singapore Pte Ltd. 2025.

关键词： Crawler Dir scan Full scanning Live hosts OWASP Scanner web vulnerabilities

来源：评论

学校读者我要写书评

暂无评论

Analyzing the traffic of penetration testing tools with an IDS

引用

JOURNAL OF SUPERCOMPUTING 2018年第12期74卷 6454-6469页

作者： Roman Munoz, Fernando Armas Vega, Esteban Alejandro Garcia Villalba, Luis Javier Univ Complutense Madrid Fac Comp Sci & Engn Dept Software Engn & Artificial Intelligence DISI Grp Anal Secur & Syst Off 431Calle Prof Jose Garcia Santesmases 9 E-28040 Madrid Spain

Many papers have been published comparing the accuracy of automated tools in looking for vulnerabilities in web applications. In those previous studies the researchers analyze vulnerable web applications with pentesting tools and then the reports that automated tools generate are compared to each other. The aim of this work is not only to know the detection capabilities of tools, but also to know what tests are performed, which vulnerabilities they try to detect and which really has the web application. This way it can be known whether the tests carried out by automated tools are efficient and meet two important aspects of the analysis tools: the automated tool has to try to detect all vulnerabilities in the web applications if it has a feature to do it;and also they have to report all vulnerabilities that they detect.

关键词： Automatic scanner tools Cybersecurity web vulnerabilities

来源：评论

学校读者我要写书评

暂无评论

Detection of cross-site scripting (XSS) attacks using machine learning techniques: a review

引用

ARTIFICIAL INTELLIGENCE REVIEW 2023年第11期56卷 12725-12769页

作者： Kaur, Jasleen Garg, Urvashi Bathla, Gourav Chandigarh Univ Ajitgarh Punjab India Univ Petr & Energy Studies Dehra Dun India

With the rising demand for E-commerce, Social Networking websites, it has become essential to develop security protocols over the World Wide web that can provide security and privacy to Internet users all over the globe. Several traditional encryption techniques and attack detection protocols can secure the data transmitted over public networks. However, hackers can effortlessly exploit them to acquire access to the users' sensitive information such as user ID, session ID, cookies, passwords, bank account details, contact numbers, private PINs, database information, etc. Researchers have continuously innovated new techniques to build a secure and robust system that cannot be easily hacked and manipulated. Still, there is much scope for novelty to provide security against contemporary techniques used by intruders. The motivation of this survey is to observe the recent developments in Cross-Site Scripting attacks and techniques used by researchers to secure confidential information. Cross-Site Scripting (XSS) has been recognized as one of the top 10 online application security risks by the Open web Application Security Project (OWASP) for decades. Therefore, dealing with this security flaw in web applications has become essential to avoid further personal and financial damage to Internet users and business organizations. There is a need for an extensive survey of recent XSS attack detection techniques that can provide the right direction to researchers and security professionals. We present a complete overview of recent machine learning and neural network-based XSS attack detection techniques in this paper, covering deep neural networks, decision trees, web-log-based detection models, and many more. This paper also highlights the research gaps that must be addressed while designing attack detection models. Further, challenges researchers face during the development of recent techniques are also discussed. Finally, future directions are provided to reflect on new conce

关键词： web vulnerabilities Cyber-attacks web-security Machine learning XSS attack Deep learning Neural networks

来源：评论

学校读者我要写书评

暂无评论

Enlargement of vulnerable web applications for testing

引用

JOURNAL OF SUPERCOMPUTING 2018年第12期74卷 6598-6617页

作者： Roman Munoz, Fernando Sabido Cortes, Ivan Israel Garcia Villalba, Luis Javier Univ Complutense Madrid Fac Comp Sci & Engn Dept Software Engn & Artificial Intelligence DISI Grp Anal Secur & Syst Off 431Calle Prof Jose Garcia Santesmases 9 E-28040 Madrid Spain

There are two main kinds of vulnerable web applications, usual applications developed with a specific aim and applications which are vulnerable by design. On one hand, the usual applications are those that are used everywhere and on a daily basis, and where vulnerabilities are detected, and often mended, such as online banking systems, newspaper sites, or any other web site. On the other hand, vulnerable by design web applications are developed for proper evaluation of web vulnerability scanners and for training in detecting web vulnerabilities. The main drawback of vulnerable by design web applications is that they used to include just a short set of well-known types of vulnerabilities, usually from famous classifications like the OWASP Top Ten. They do not include most of the types of web vulnerabilities. In this paper, an analysis and assessment of vulnerable web applications is conducted in order to select the applications that include the larger set of types of vulnerabilities. Then those applications are enlarged with more types of web vulnerabilities that vulnerable web applications do not ***, the new vulnerable web applications have been analyzed to check whether web vulnerability scanners are able to detect the new added vulnerabilities, those vulnerabilities that vulnerable by design web applications do not include. The results show that the tools are not very successful in detecting those vulnerabilities, less than well-known vulnerabilities.

关键词： Vulnerability scanner Vulnerable web applications web security web vulnerabilities

来源：评论

学校读者我要写书评

暂无评论

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案：

请选择收藏分类：

通借通还

建议与咨询 留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

时间限定

文献类型

馆藏选择

核心期刊

语言

文献类型

帮助

文字说明：

检索规则说明：

检索范例：

分类表

所选分类

限定检索结果

文献类型

馆藏范围

日期分布

学科分类号

主题

机构

作者

语言

请选择保存的检索档案： 新增检索档案 确定 取消

请选择收藏分类： 新增自定义分类 确定 取消

通借通还

建议与咨询留下您的常用邮箱和电话号码，以便我们向您反馈解决方案和替代方法

请选择保存的检索档案：

请选择收藏分类：