This paper presents a field study on Web security vulnerabilities from the programming language type system perspective. Security patches reported for a set of 11 widely used Web applications written in strongly typed languages (Java, C#, VB.NET) were analyzed in order to understand the fault types that are responsible for the vulnerabilities observed (SQL injection and XSS). The results are analyzed...
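The two vulnerability classes the paper analyzes, shown in their vulnerable and hardened forms. This is an added example, not code from the paper or from any of the 11 applications it studied: it uses an in-memory parameterized-query object in place of a real database driver, constructed attacker payloads, and hypothetical function names (findUserVulnerable, findUserSafe, sql, html, escapeHtml). The point it makes in code is the one the abstract raises: a strongly typed language still has a single string type, so nothing in the type system separates query text from data or markup from text, and the fix is a construct (a tagged template here) that makes that separation at the call site.

```javascript
// Constructed attacker inputs used throughout this example.
const PAYLOAD_SQL = "alice' OR '1'='1";
const PAYLOAD_XSS = '<img src=x onerror="alert(1)">';

// --- SQL injection: the string type does not separate query text from data ---

// Vulnerable (hypothetical): user input becomes part of the statement text.
function findUserVulnerable(username) {
  return { text: `SELECT * FROM users WHERE name = '${username}'`, values: [] };
}

// Hardened: a tagged template that turns every interpolation into a bound parameter.
// The statement text is fixed at the call site; data travels separately in `values`.
function sql(strings, ...values) {
  let text = strings[0];
  values.forEach((_, i) => { text += `$${i + 1}` + strings[i + 1]; });
  return { text, values };
}
function findUserSafe(username) {
  return sql`SELECT * FROM users WHERE name = ${username}`;
}

// A check worth keeping in a unit test: the statement text must not depend on input.
function queryTextIsInputIndependent(build) {
  return build('alice').text === build(PAYLOAD_SQL).text;
}

// --- XSS: output encoding for HTML element content and quoted attributes ---

const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable (hypothetical): untrusted string concatenated straight into markup.
function renderGreetingVulnerable(name) {
  return `<p>Hello, ${name}</p>`;
}
// Hardened: a tagged template that escapes every interpolation before it reaches the page.
function html(strings, ...values) {
  return strings.reduce((out, s, i) => out + (i ? escapeHtml(values[i - 1]) : '') + s, '');
}
function renderGreetingSafe(name) {
  return html`<p>Hello, ${name}</p>`;
}

// A check for the XSS side: interpolated values must never open a new tag.
function countTags(markup) {
  return (markup.match(/<[a-zA-Z]/g) || []).length;
}

console.log(findUserVulnerable(PAYLOAD_SQL).text);  // statement structure changed by input
console.log(findUserSafe(PAYLOAD_SQL));             // fixed text, payload bound as $1
console.log(renderGreetingSafe(PAYLOAD_XSS));       // payload rendered as inert text
```

The two checks (queryTextIsInputIndependent and countTags) are the kind of property a reviewer can assert over any query builder or template function, independent of which payload happens to be fashionable; they fail on the vulnerable forms and pass on the hardened ones.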
Over the last decade, substantial progress has been made in Internet and Web-based technologies. Applications in education, health care, banking, and even social interaction between individuals and groups can benefit greatly from these technologies. However, computer attacks can drastically compromise Web users' privacy. The spread of spyware in Internet applications is a case in point...
This paper focuses on reducing consumers' perceived risk through Website service quality cues in C2C e-commerce trading. It reveals a negative correlation between consumers' perceived risk and Website service quality in C2C e-commerce trading, and explores the internal composition of this relationship. Functional, physical, service, and psychological risks are found to be negatively affected mainly...
Many Web sites on the Internet are database-backed, especially sites that generate their pages dynamically with technologies such as ASP, PHP and JSP. Because of SQL injection attacks, the security of databases exposed through the Internet has received much attention. Unlike many protection systems deployed between the Web server and the Internet, this article designs a database protection system between the Web server...
With the increasing amount of information on the Internet, different kinds of Web crawlers fetch information from Web sites at any time and from anywhere. Some fetch information legitimately, while others attack Web sites at the application level and cause servers to break down. For a Web site, how to distinguish the different kinds of crawlers effectively and accurately...
Web sites that incorporate untrusted content may use browser- or language-based methods to keep such content from maliciously altering pages, stealing sensitive information, or causing other harm. We study language-based methods for filtering and rewriting JavaScript code, using Yahoo! ADSafe and Facebook FBJS as motivating examples. We explain the core problems by describing previously unknown vulnerabilities...
Timeout mechanisms are a useful feature for web applications. However, these mechanisms need to be used with care because, if used as-is, they are vulnerable to timing attacks. This paper focuses on internal timing attacks, a particularly dangerous class of timing attacks, where the attacker needs no access to a clock. In the context of client-side web application security, we present JavaScript-based...
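A simulation of the kind of internal timing attack the abstract refers to, added here as an example rather than the paper's own code. The attacker code never reads a clock: its only observation is which of two callbacks fires first, a setTimeout it scheduled or the completion of a secret-dependent operation, and a binary search over the timeout value turns that one bit into a latency measurement. The event loop, the victim operation and its latency model (BASE_MS, STEP_MS), the secret and the alphabet are all constructed for the illustration; the `padded` variant at the end shows the mitigation of giving the operation an input-independent duration.

```javascript
// Deterministic stand-in for the browser event loop (constructed for this example).
// Callbacks fire in order of due time, ties broken by registration order.
// The attacker code below never touches `now`.
class SimulatedLoop {
  constructor() { this.now = 0; this.seq = 0; this.pending = []; }
  setTimeout(fn, delayMs) {
    this.pending.push({ at: this.now + delayMs, seq: this.seq++, fn });
  }
  run() {
    while (this.pending.length > 0) {
      this.pending.sort((a, b) => a.at - b.at || a.seq - b.seq);
      const next = this.pending.shift();
      this.now = next.at;
      next.fn();
    }
  }
}

// Victim: a constructed asynchronous operation whose latency grows with the length of
// the guess's matching prefix (think of a lookup that stops at the first mismatch).
const SECRET = 'hunter2';                  // constructed secret
const BASE_MS = 40, STEP_MS = 5;           // constructed costs, unknown to the attacker
function matchedPrefix(secret, guess) {
  let i = 0;
  while (i < secret.length && i < guess.length && secret[i] === guess[i]) i++;
  return i;
}
function startVictimOperation(loop, guess, onDone, padded = false) {
  // `padded` is the mitigation: the duration no longer depends on the input.
  const steps = padded ? SECRET.length : matchedPrefix(SECRET, guess);
  loop.setTimeout(onDone, BASE_MS + STEP_MS * steps);
}

// Attacker primitive: race the operation against a timeout and report only the order in
// which the two callbacks ran. No clock is consulted anywhere in the attacker's code.
function timeoutFiresFirst(guess, timeoutMs, padded = false) {
  const loop = new SimulatedLoop();
  let first = null;
  loop.setTimeout(() => { if (first === null) first = 'timeout'; }, timeoutMs);
  startVictimOperation(loop, guess, () => { if (first === null) first = 'done'; }, padded);
  loop.run();
  return first === 'timeout';
}

// Binary search for the largest timeout that still beats the operation. That number tracks
// the operation's latency, so the timeout mechanism itself has become the attacker's clock.
function latencyRank(guess, padded = false, maxMs = 1000) {
  let lo = 0, hi = maxMs;   // invariant: timeoutFiresFirst(lo) is true, (hi) is false
  while (hi - lo > 1) {
    const mid = Math.floor((lo + hi) / 2);
    if (timeoutFiresFirst(guess, mid, padded)) lo = mid; else hi = mid;
  }
  return lo;
}

// Recover the secret one character at a time: the candidate with the highest rank extended
// the matching prefix. With the padded operation every rank is equal and the search fails.
const ALPHABET = 'abcdefghijklmnopqrstuvwxyz0123456789';
function recoverSecret(length, padded = false) {
  let known = '';
  for (let pos = 0; pos < length; pos++) {
    let best = null, bestRank = -1;
    for (const c of ALPHABET) {
      const rank = latencyRank(known + c, padded);
      if (rank > bestRank) { bestRank = rank; best = c; }
    }
    known += best;
  }
  return known;
}

console.log('recovered:', recoverSecret(SECRET.length));          // hunter2
console.log('with padding:', recoverSecret(SECRET.length, true)); // aaaaaaa (attack defeated)
```

The attacker's only primitive is `timeoutFiresFirst`, which is exactly what a page gets from `setTimeout` racing against an `onload`/`onerror` or promise callback; the simulation replaces the real event loop with a deterministic one so the result is reproducible, but the attacker-side logic does not change.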
Client honeypots are security devices designed to find servers that attack clients. High-interaction client honeypots (HICHPs) classify potentially malicious Web pages by driving a dedicated vulnerable Web browser to retrieve and classify these pages. Considering the size of the Internet, the ability to identify many malicious Web pages is a crucial task. HICHPs, however, present challenges: They...
This paper presents a new method to assess usability, security, and e-commerce requirements of websites. Previous research works propose a list of primary requirements for human-computer interaction, security, and e-commerce in an independent way, but they do not integrate these three aspects into a single evaluation method. We present an overview of these basic requirements, which are subsequently...
Due to the increasing amount of Web sites offering features to contribute rich content, and the frequent failure of Web developers to properly sanitize user input, cross-site scripting prevails as the most significant security threat to Web applications. Using cross-site scripting techniques, miscreants can hijack Web sessions, and craft credible phishing sites. Previous work towards protecting against...
In recent years, e-commerce has grown considerably as user confidence in secure electronic payment has increased. Many Web services have been developed, and some have decided to establish links of confidence, also called circles of trust. A user who accesses a Web service in a circle of trust can also access the other Web services of the circle without additional authentication. In...
The Internet's interdomain-routing system is extremely vulnerable to accidental failure, configuration errors, and malicious attack. Any successful approach to improving interdomain-routing security must satisfy two requirements for incremental deployability: backwards compatibility with the existing routing protocol and installed base of routers and incentive compatibility with the desire of...
This paper presents patterns for privacy policies to be used in web sites, in particular e-commerce and e-business sites. Because of their financial aspects, the users accessing those sites need to provide personal information, and expect integrity, security, and privacy. The patterns are derived from a study of the 33 most accessed e-commerce sites in Brazil, where it was possible to observe that...
Typically, users of Web content management systems lack expert knowledge of the technology itself, let alone the security issues therein. Complicating the matter, WCMS vulnerabilities are attractive targets for potential attackers. A security analysis of two popular, open-source WCMSs exposed significant security holes, despite the obvious efforts of their developer communities. These vulnerabilities...
Web site defacement has become a common threat for organizations exposed on the Web. Several statistics indicate the occurrence rate of these incidents but not how long these defacements typically last. The authors present the results of a two-month study of more than 62,000 defacements to determine whether and when a reaction to a defacement occurs. Such reaction times tend to be unacceptably long...
In various computer security settings, such as when customers use the same passwords at several independent Web sites, security decisions made by one organization may have significant impact on the security of another. We develop a model for security decision-making in inter-dependent organizations described by a linear influence network. In this model, a matrix represents how one organization's investments...
The three most important issues for anomaly-detection-based intrusion detection systems that use data mining methods are feature selection, data value normalization, and the choice of data mining algorithms. In this paper, we study primarily the feature selection of network traffic and its impact on detection rates. We use the KDD Cup 1999 dataset as the sample for the study. We group the features of...
In this paper, we study the problem of anomaly detection in high-dimensional network streams. We have developed a new technique, called Stream Projected Outlier deTector (SPOT), to deal with the problem of anomaly detection in high-dimensional data streams. We conduct a case study of SPOT in this paper by deploying it on the KDD Cup 1999 intrusion detection data. Innovative approaches for training...