File Name: web application security assessment by fault injection and behavior monitoring .zip
D. Petukhov, D. Kozlov (Computer Science). The number of reported web application vulnerabilities is increasing dramatically.
Abstract: SQL injection is a technique for introducing malicious code through entry fields. It is one of the attack methods used by hackers to steal information from organizations, and the security of databases remains an open challenge. SQL injection is a major threat to web applications because it gives attackers unauthorized access to sensitive information in the database. Researchers and practitioners have proposed various methods to address the SQL injection problem; however, current approaches either fail to address the full scope of the problem or have limitations that prevent their use and adoption. Many researchers and practitioners are familiar with only a subset of the wide range of techniques available to attackers who are trying to take advantage of SQL injection vulnerabilities. As a consequence, many solutions proposed in the literature address only some of the issues related to SQL injection.
Theoretical and Applied Informatics. Singh, J.
As a large and complex application platform, the World Wide Web is capable of delivering a broad range of sophisticated applications. However, many Web applications go through rapid development phases with extremely short turnaround time, making it difficult to eliminate vulnerabilities. Here we analyze the design of Web application security assessment mechanisms in order to identify poor coding practices that render Web applications vulnerable to attacks such as SQL injection and cross-site scripting. We describe the use of a number of software-testing techniques, including dynamic analysis, black-box testing, fault injection, and behavior monitoring, and suggest mechanisms for applying these techniques to Web applications.
An SQL injection attack is one of the most serious security threats to web applications. It allows an attacker to access the underlying database and execute arbitrary commands, which may lead to sensitive information disclosure. The primary way to prevent SQL injection attacks is to sanitize the user-supplied input. However, this is usually performed manually by developers and so is a laborious and error-prone task. In this paper, we present our technique called Sania, which performs efficient and precise penetration testing by dynamically generating effective attacks through investigating SQL queries. Since Sania is designed to be used in the development phase of web applications, it can intercept SQL queries. By analyzing the SQL queries, Sania automatically generates precise attacks and assesses the security according to the context of the potentially vulnerable slots in the SQL queries.
In software testing, fault injection is a technique for improving the coverage of a test by introducing faults to exercise code paths, in particular error-handling code paths, that might otherwise rarely be followed. It is often used with stress testing and is widely considered to be an important part of developing robust software. The propagation of a fault through to an observable failure follows a well-defined cycle. When executed, a fault may cause an error, which is an invalid state within a system boundary. An error may cause further errors within the system boundary, so that each new error acts as a fault, or it may propagate to the system boundary and become observable.
Modern web development has many challenges, and of these, security is both very important and often under-emphasized. While techniques such as threat analysis are increasingly recognized as essential to any serious development effort, there are also some basic practices that every developer can and should follow as a matter of course. Cade Cairns is a software developer with a passion for security. He has experience leading teams creating everything from enterprise applications to security testing software, mobile applications, and software for embedded devices. At the moment his primary focus is on helping improve how security concerns are addressed during the solution delivery lifecycle.
Today the internet has become the primary means of communication among people because it offers virtually limitless space and a vast pool of web applications and resources. The internet allows us to communicate in a fraction of a second with people sitting in other parts of the world. The internet has become part of our daily life and its usage is increasing exponentially; as a result, a large number of new web applications are deployed on the Web every day. Most web applications contain a few weaknesses, and those weaknesses give bad guys (hackers) room to exploit the weak parts of the application code. Our proposed method can automatically analyze websites with the aim of finding web vulnerabilities.
DOI: This paper proposes a novel visual model for web application security monitoring.
Through this attack, the attacker can take control of the database and thereby gain access to the data held on the database server behind the website. Securing such websites against attacks over the Internet has therefore become a major challenge. We have presented different types of attack methods and prevention techniques for SQLIA, which were used to aid the design and implementation of our model.
Web application injection attacks such as cross site scripting and SQL injection are common and problematic for enterprises. In order to defend against them, practitioners with large heterogeneous system architectures and limited resources struggle to understand the effectiveness of different countermeasures under various conditions. This paper presents an enterprise architecture metamodel that can be used by enterprise decision makers when deciding between different countermeasures for web application injection attacks. The scope of the model is to provide low-effort guidance on an abstraction level of use for an enterprise decision maker. This metamodel is based on a literature review and revised according to the judgment by six domain experts identified through peer-review.
Web Application Security Assessment by Fault Injection and Behavior Monitoring. Yao-Wen Huang, Shih-Kun Huang, and Tsung-Po Lin.