
Evolutionary Multi-Task Injection Testing on Web Application Firewalls [article]

Ke Li, Heng Yang, Willem Visser
2022 arXiv   pre-print
Web application firewall (WAF) plays an integral role nowadays to protect web applications from various malicious injection attacks such as SQL injection, XML injection, and PHP injection, to name a few  ...  The model is then used by a novel multi-task evolutionary algorithm to co-evolve test inputs for different types of injection attacks facilitated by a shared mating pool and domain-specific mutation operators  ...  A unified and state-of-the-practice solution to injection attacks is the use of a web application firewall (WAF) [2], which is a special type of application firewall that has been widely adopted to  ...
arXiv:2206.05743v1 fatcat:e7utehl6mbgz5efjxsxaoxwht4

A Web-Based Honeypot in IPv6 to Enhance Security

Keyong Wang, Mengyao Tong, Dequan Yang, Yuhang Liu
2020 Information  
In this manner, and to protect web-based applications from attacks, this article introduces the design and implementation of a web-based honeypot that includes a weak password module and an SQL inject  ...  There is a firewall outside the test system environment, so the obtained data should be used as the real invasion data, and the captured behavior is not a false positive.  ...  SQL injection is accessed from a normal port, and it looks no different from ordinary web page access. Therefore, firewalls on the market will not warn about SQL injection.  ... 
doi:10.3390/info11090440 fatcat:pxa2eowohvetpmhm74jagafh3a

Automatically Repairing Web Application Firewalls Based on Successful SQL Injection Attacks

Dennis Appelt, Annibale Panichella, Lionel Briand
2017 2017 IEEE 28th International Symposium on Software Reliability Engineering (ISSRE)  
Testing and fixing Web Application Firewalls (WAFs) are two relevant and complementary challenges for security analysts.  ...  Our empirical evaluation based on both open-source and proprietary WAFs shows that the generated filter rules are effective at blocking previously identified and successful SQL injection attacks (recall  ...  Nguyen for his feedback on a preliminary draft of this paper.  ... 
doi:10.1109/issre.2017.28 dblp:conf/issre/AppeltPB17 fatcat:psktpcqgbfa4hgdz5ujkx3dkya

A Machine-Learning-Driven Evolutionary Approach for Testing Web Application Firewalls

Dennis Appelt, Cu D. Nguyen, Annibale Panichella, Lionel C. Briand
2018 IEEE Transactions on Reliability  
Web application firewalls (WAF) are an essential protection mechanism for online software systems.  ...  We present ML-Driven, an approach based on machine learning and an evolutionary algorithm to automatically detect holes in WAFs that let SQL injection attacks bypass them.  ...  Web Application Firewalls. Web applications with high security requirements are commonly protected by WAFs.  ... 
doi:10.1109/tr.2018.2805763 fatcat:5iua3xo3rffxxpxfaeaf7pccae

Machine Learning Based Model to Identify Firewall Decisions to Improve Cyber-Defense

Qasem Abu Al-Haija, Abdelraouf Ishtaiwi
2021 International Journal on Advanced Science, Engineering and Information Technology  
Accordingly, the firewall system proceeds with either to "allow," "deny," or "drop/reset" the incoming packet.  ...  Ultimately, the proposed system outpaced many existing up-to-date firewall classification systems in the same area of study.  ...  [17] presented a machine learning and evolutionary algorithm-based approach to spontaneously identify the holes in communication networks via Web application firewalls (WAFs) due to SQL injection attacks  ... 
doi:10.18517/ijaseit.11.4.14608 fatcat:mrpa7fsaibhjjd4zv6h7777nu4

Security Patterns for Connected and Automated Automotive Systems*

Betty H. C. Cheng, Bradley Doherty, Nicholas Polanco, Matthew Pasco
2020 Journal of Automotive Software Engineering  
system performance necessitate application-specific design strategies [8].  ...  Security design patterns have been developed for many application domains (e.g., enterprise systems, networking systems, and distributed systems), but not much has been explored for automotive systems.  ...  Murray, and other industrial collaborators for their valuable feedback on this work.  ...
doi:10.2991/jase.d.200826.001 fatcat:yruvzyg2avbvvbmb2nolgdad64

SQL Injection Attacks Predictive Analytics Using Supervised Machine Learning Techniques

Akinsola Jide E. T., Awodele Oludele, Idowu Sunday A., Kuyoro Shade O.
2020 International Journal of Computer Applications Technology and Research  
Structured Query Language Injection Attack (SQLIA) is one of the most prevalent cyber attacks against web-based application vulnerabilities; that are manipulated through injection techniques to gain access  ...  ML approach can be used to mitigate a very hard blind SQL injection attack.  ...  task.  ... 
doi:10.7753/ijcatr0904.1004 fatcat:irmkqktyvna5fet345xtzhxif4

Systematic Literature Review over IDPS, Classification and Application in its Different Areas

Shehroz Afzal, Jamil Asim
Firewalls, antivirus, and intrusion detection systems are used to protect the network. The firewall can control network traffic, but reliance on this type of security alone is not enough.  ...  Attackers use open ports such as port 80 of the web server (http) and port 110 of the POP server to infiltrate networks.  ...  For testing, five Honeypot web applications were developed using PHP and MySQL (Kar et al., 2015).  ...
doi:10.52700/scir.v3i2.58 fatcat:xrczlxjg5ncclf2ftxyw3y5zce

Automatic Generation of Tests to Exploit XML Injection Vulnerabilities in Web Applications

Sadeeq Jan, Annibale Panichella, Andrea Arcuri, Lionel Briand
2017 IEEE Transactions on Software Engineering  
., a web page or a mobile app). Although the interactions with such entry point might be secure, a hacker could trick such systems to send malicious inputs to those internal web services.  ...  Modern enterprise systems can be composed of many web services (e.g., SOAP and RESTful).  ...  Nguyen for his contributions in our previous work on which we built on.  ... 
doi:10.1109/tse.2017.2778711 fatcat:l5tbdpn6ufgvzinjmrse5qhvqm

A Survey of Intrusion Detection System

Wanda P
2020 International Journal of Informatics and Computation  
It consists of Web Application, Cloud Environment, Internet of Things (IoT), Mobile Ad-Hoc Network (MANET), Wireless Sensor Network (WSN) and Voice over Internet Protocol (VOIP)  ...  In this paper, we presented a survey on intrusion detection systems (IDS) in several areas.  ...  Intrusion Detection for Web Application Web servers are considered as an important test environment for intrusion detection.  ... 
doi:10.35842/ijicom.v1i1.7 fatcat:igdlmx2ctbfdlb7se5fagl2m34


D. Ashok Kumar
2017 International Journal of Advanced Research in Computer Science  
P. in the year 1980, it has gained lots of importance in the recent years because of the recent attacks on the IT infrastructure.  ...  The main objective of this study is to examine the existing literature on various approaches for Intrusion Detection in particular Anomaly Detection, to examine their conceptual foundations, to taxonomize  ...  of web application vulnerabilities.  ... 
doi:10.26483/ijarcs.v8i8.4703 fatcat:gbd4sfehwjd6vktthnlp7jfhoa

Security issues in cloud environments: a survey

Diogo A. B. Fernandes, Liliana F. B. Soares, João V. Gomes, Mário M. Freire, Pedro R. M. Inácio
2013 International Journal of Information Security  
This paper surveys the works on cloud security issues, making a comprehensive review of the literature on the subject.  ...  Besides of the issues derived from web technologies and the Internet, clouds introduce new issues that should be cleared out first in order to further allow the number of cloud deployments to increase.  ...  Successful examples of both SOAPAction spoofing and XML injection attacks are presented on a .NET web service.  ... 
doi:10.1007/s10207-013-0208-7 fatcat:55o67epb6zfspchxuzvuduzr4a

Survey on synchrophasor data quality and cybersecurity challenges, and evaluation of their interdependencies

2018 Journal of Modern Power Systems and Clean Energy  
Device, Aggregator, Communication Regular penetration testing of all levels Data abstraction, multi-layered architecture Data redundancy for fault tolerance Augmenting firewalls, ACLs, VPNs  ...  NASPI's research initiative task force (RITT) emphasizes optimal placement as a significant challenge but also one dependent on the nature of applications the utility intends to use them for [18] .  ...  His specialization is computer engineering and data science, and has been involved in multiple projects on data analytics, programming and application developing in the areas of smart grid cybersecurity  ... 
doi:10.1007/s40565-018-0473-6 fatcat:sw5vt7jdvjc3jml7ylpx3kp2ja

Twenty-two years since revealing cross-site scripting attacks: a systematic mapping and a comprehensive survey [article]

Abdelhakim Hannousse and Salima Yahiouche and Mohamed Cherif Nait-Hamoud
2022 arXiv   pre-print
Cross-site scripting (XSS) is one of the major threats menacing the privacy of data and the navigation of trusted web applications.  ...  While new technologies enable complex interactions and data exchanges between clients and servers in the network, new programming styles introduce new and complicate injection flaws to web applications  ...  They enable testing web applications on real-time scenarios. Dynamic analysis methods focus on information acquired at runtime.  ... 
arXiv:2205.08425v2 fatcat:mz2upyb3d5ekllmw66t7s4rsom

Security Analysis of IoT Networks and Platforms

Stephen Ugwuanyi, James Irvine
2020 2020 International Symposium on Networks, Computers and Communications (ISNCC)  
Based on the findings from our recent LPWANs IoT testbeds and their operational performance in certain use case scenarios, this paper summarizes the key wireless technology security requirements for IoT  ...  We first compare the security requirements of legacy and emerging IoT technologies as it relates to smart city applications and examined the effectiveness of the existing countermeasure opportunities as  ...  Web platforms are few of either in an open and closed solution and the choice is mostly based on the application needs and costs. The selection of the right platforms is based on various reasons.  ... 
doi:10.1109/isncc49221.2020.9297267 fatcat:dpqdngrusnewtcgqghna6nvgsu