In order to support large volume of transactions and number of users, as estimated by the load demand modeling, a system needs to scale in order to continue to satisfy required quality attributes. In particular, for systems exposed to the Internet, scaling up may increase the attack surface susceptible to malicious intrusions. The new proactive approach based on the concept of Moving Target Defense...
Database driven web applications are some of the most widely developed systems today. In this paper, we demonstrate use of combinatorial testing for testing database supported web applications, especially where full-text search is provided or many combinations of search options are utilized. We develop test-case selection techniques, where test strings are synthesized using characters or string fragments...
Local governments in Japan recently provide security information services for residents, which deliver regional incident information using Email or Web. However, since the conventional services usually provide “one-for-all” information, users tend to miss important incidents within the flood of information. In this paper, we propose a new security information service, called PRISM (Personalized Real-time...
Web applications commonly provide a high attack surface. In today's world of high impact attacks, protecting them against both known and unknown attacks becomes more important than ever. We present an approach of machine learning based anomaly detection to flexibly detect anomalous requests. Our approach leverages long short-term memory (LSTM) neural networks to learn a detailed model of normal requests...
In recent years, many financial sectors are evolving with huge numbers of web applications, which play a crucial role in organizations to make important decisions. Considering this, the data has to be secured in order to prevent it from any attacks which lead to a huge loss. One of the topmost attacks in the database is the SQL injection attack, which is injecting some malicious query into the database causing...
Security protection is usually thought to be a separate process in web application development phases but the external security protection mechanisms are not effective to control threats and vulnerabilities in web applications. As a consequence, researchers have realized security development should be an integral part of System Development Lifecycle of web applications. This article presents a universal...
In this paper, we have tested several open source web applications against common security vulnerabilities. These vulnerabilities span from unnecessary data member declaration to leaving gaps for SQL injection. The static security vulnerabilities testing was done in three categories (1) Dodgy code vulnerabilities (2) Malicious code vulnerabilities (3) Security code vulnerabilities on seven (7) different...
Users use the web for accessing all type of real time information. The user generates the request with required parameters that are verified at the remote end thereby allowing access to all type of resources. Such resources are extracted from more than one page. A user's interaction over a web page will differ from another with respect to the access level. The users may be classified based on the...
In recent years a lot of web applications have been released in the world. At the same time, cyber attacks against web application vulnerabilities have also increased. In such a situation, it is necessary to make web applications more secure. However checking all web vulnerabilities by hand is very difficult and time-consuming. Therefore, we need a web application vulnerability scanner. In this work,...
The number of security vulnerabilities in web applications has grown with the tremendous growth of web applications in the last two decades. As the domain of Web Applications is maturing, a large number of empirical studies have been reported in web applications to address the solution of vulnerable web application. However, before advancing towards finding new approaches of web applications security vulnerability...
Along with the wide use of web application, XSS vulnerability has become one of the most common security problems and caused many serious losses. In this paper, on the basis of database query language technique, we put forward a static analysis method of XSS defect detection of java web application by analyzing data flow reversely. This method first converts the JSP file to a Servlet file, and then...
Technological advancements and rapid growth in the use of the Internet by the society have had a huge impact on information security. It has triggered the need for a major shift in the way web applications are developed. The high level security of these applications is crucial to their success. Therefore, information security has become a core requirement for producing trustworthy software driven...
Nowadays, the security of applications and Web servers is a new trend that finds its need on the Web. The number of vulnerabilities identified in this type of applications is constantly increasing especially SQL injection attack. It is therefore necessary to regularly audit Web applications to verify the presence of exploitable vulnerabilities. Web vulnerability scanner WASAPY is one of the audit...
In the present world, the web is the firmest and most common medium of communication and business interchange. Every day, millions of data are loaded through various channels on the web by users and user input can be malicious. Therefore, security becomes a very important aspect of web applications. Since they are easily accessible, they are prone to many vulnerabilities which if neglected can cause...
In the Internet of services (IoS), web applications are the most common way to provide resources to the users. The complexity of these applications grew up with the number of different development techniques and technologies used. Model-based testing (MBT) has proved its efficiency in software testing but retrieving the corresponding model of an application is still a complex task. In this paper,...
The SPaCIoS project has as goal the validation and testing of security properties of services and web applications. It proposes a methodology and tool collection centered around models described in a dedicated specification language, supporting model inference, mutation-based testing, and model checking. The project has developed two approaches to reverse engineer models from implementations. One...
With the development of Web application, cross-site scripting attacks have been rapidly increasing, and the technique of those attacks is constantly updating. There have been some special advanced attacks such as the one based on encoding. In this paper we analyze two kinds of those attacks respectively based on the binary and N-ray alphabets encoding, then present a dynamically access control method...
Due to the ubiquity of web browsers and the dramatic development of dynamic web pages, web applications become the most popular computing model for providing services over the Internet. Unfortunately, this type of systems is vulnerable to the attacks issued by automated programs. CAPTCHA, a challenge-response test, is the most widely used mechanism to protect web application systems from attacks issued...
Recently, attacks on corporate websites are increasing and personal information on websites faces growing risks. Most developers are making efforts to establish secure system development processes. However, they have trouble with practice because they are busy and short of time or human resources. This paper describes a cooperative secure integration process that the authors actualize for secure system...
Based on the comprehensive analysis of the security threats to the Web applications, the Cold Fusion-based Web Application Firewall is presented, and it is implemented with CFML. The test results show that the firewall can effectively block various malicious attacks against the application layer, such as SQL injection, XSS, etc., and protect the Cold Fusion-based Web applications.