Due to the immense popularity of the internet, usage of web applications has expanded. Since extremely sensitive information is being exchanged via web applications every day, they have become a playground for cyber criminals to steal data and use it for malicious purposes. In this paper, we present an efficient integrated penetration testing tool to detect five of the top ten web application...
Although a large research effort on web application security has been going on for more than a decade, the security of web applications continues to be a challenging problem. An important part of that problem derives from vulnerable source code, often written in unsafe languages like PHP. Source code static analysis tools are a solution to find vulnerabilities, but they tend to generate false positives,...
As attacks on websites and domain names are increasing day by day, it becomes very important for the various verticals in the country to be secured against the deadly attacks which can hamper the operation of web traffic in the country and its verticals. XSS is one such attack, frequently attempted against websites to gain information and data that is relevant to the attacker from...
In an attempt to support customization, many web applications allow the integration of third-party server-side plugins that offer diverse functionality, but also open an additional door for security vulnerabilities. In this paper we study the use of static code analysis tools to detect vulnerabilities in the plugins of the web application. The goal is twofold: 1) to study the effectiveness of static...
Web applications have become a very popular means of developing software. This is because of the many advantages of web applications, such as no need for installation on each client machine, centralized data, reduction in business cost, etc. With the increase in this trend, web applications are becoming vulnerable to attacks. Cross-site scripting (XSS) is the major threat to web applications, as it is the most...
Over the last fifteen years, Web applications have evolved from the early simple and hyper-text based ones into the more complex, interactive, usable and adaptive applications of the new generations. New paradigms, architectures, and technologies for developing Web-based systems continuously emerge and transform this specific context. At the same time, new techniques and tools for effectively testing...
Web programming courses typically cover the "how to implement functionality" of developing web applications, and writing a simple one is not very difficult. But this leads to many security problems, as such applications are commonly very insecure, which is a problem not only for the site itself but also for others, e.g. visitors (distributing malware) or third parties (using the servers...
This paper deals with an original approach to automate Model-Based Vulnerability Testing (MBVT) for Web applications, which aims at improving the accuracy and precision of vulnerability testing. Today, Model-Based Testing techniques are mostly used to address functional features. The adaptation of such techniques for vulnerability testing defines novel issues in this research domain. In this paper,...
This paper presents my Ph.D. research that focuses on developing concepts and techniques for Model-Based Vulnerability Testing (MBVT) of Web Applications. This research bridges the gap between MBT techniques, which are usually addressed to functional testing, and vulnerability testing, which is mostly done manually or with the assistance of Web Vulnerability Scanners, both techniques having several...
Cloud computing is gaining momentum in part because it enables a distributed systems infrastructure that offers more advantages than traditional ones. It provides a hosted environment of virtualized hardware, effectively unlimited storage, and software services that can aid in system development and deployment. This session is the fourth in a series of special events held at WSE focused on selected...
This paper offers a fresh perspective on the aspect of application security, highlighting a sample attack that is not currently being protected against. A case study is presented that discusses identifying poor coding practices that render Web applications vulnerable to attacks such as remote command execution. Given the increased focus on the need for application security, it is now to be hoped that...
Web applications are vulnerable to a variety of new security threats. SQL injection attacks (SQLIAs) are one of the most significant of such threats. Researchers have proposed a wide variety of anomaly detection techniques to address SQLIAs, but all existing solutions have limitations in terms of effectiveness and practicality. We claim that the main cause of such limitations is reliance...
Web applications can only be accessed through dedicated client systems called Web browsers. The behaviors of Web browser interactions influence the security, functionality and navigation of Web applications. Modeling and testing Web applications should take them into account. In this paper, special care is paid to Web browser interactions, and an approach to modeling on-the-fly navigation models...
Ensuring that a Web-based system respects its security requirements is a critical issue that has become more and more difficult to address in recent years. This difficulty is due to the complexity level of such systems as well as their variety and increasing distribution. To guarantee this, we need to test the target Web system by applying a complete set of test cases covering all the...
We present a platform for software security testing primarily designed to support human testers in discovering injection flaws in distributed systems. Injection is an important class of security faults, caused by unsafe concatenation of input into strings interpreted by other components of the system. Examples include two of the most common security issues in Web applications, SQL injection and cross...
Input manipulation attacks are becoming one of the most common attacks against Web applications and Web services security. As the use of firewalls and other security mechanisms is not effective against application-level attacks, new means of defense are needed. This paper presents a framework proposal to solve this problem, securing applications against input manipulation attacks. The proposed mechanism...
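Several of the abstracts above (the SQLIA anomaly-detection paper, the injection-testing platform, and the input-manipulation framework) turn on the same root cause: untrusted input concatenated into a string that another component then parses as code. The following is an added example, not code from any of the listed papers or their tools, showing that flaw beside its fix against an in-memory SQLite table. The `users` table, the credentials in it and the attacker payloads are all constructed for this demo.

```python
"""
Added example: unsafe string concatenation into SQL versus a parameterised query.
Everything here (table, rows, payloads) is constructed for illustration only.
"""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Build a throwaway in-memory database with two constructed accounts."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_concat(conn: sqlite3.Connection, user: str, pw: str) -> list:
    """VULNERABLE: input is spliced into the SQL text, so a quote character in
    the input ends the literal and the remainder is parsed as SQL."""
    sql = (
        "SELECT name FROM users WHERE name = '" + user
        + "' AND password = '" + pw + "'"
    )
    return [row[0] for row in conn.execute(sql)]


def login_param(conn: sqlite3.Connection, user: str, pw: str) -> list:
    """HARDENED: placeholders hand the values to the driver as data; the SQL
    structure is fixed before the input is ever seen, so quotes cannot alter it."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (user, pw))]


def demo() -> dict:
    """Run the same constructed payloads through both variants and collect
    the matched account names, so the difference is visible side by side."""
    conn = make_db()
    tautology = "' OR '1'='1"   # turns the WHERE clause into ... OR '1'='1'
    comment = "alice' --"       # closes the literal and comments out the password check
    return {
        "concat_tautology": login_concat(conn, tautology, tautology),
        "param_tautology": login_param(conn, tautology, tautology),
        "concat_comment": login_concat(conn, comment, "wrong"),
        "param_comment": login_param(conn, comment, "wrong"),
        "param_valid": login_param(conn, "alice", "s3cret"),
    }


if __name__ == "__main__":
    for label, matched in demo().items():
        print(f"{label:18s} -> {matched}")
```

With the concatenated query the tautology payload matches every account and the comment payload logs in as `alice` without a password; the parameterised version returns nothing for either, while still accepting the genuine credentials. This is the property a scanner or anomaly detector in the papers above is trying to infer from the outside; at the source-code level it reduces to whether the query text was built from input at all.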