Corpus ID: 67791081

A Study of Various Approaches to Assess and Provide Web based Application Security

  • Dhanya Pramod
The World Wide Web has grown by leaps and bounds and provides a promising platform for hosting applications. Web applications are often developed without taking care of the criticality of security aspects and are thus prone to attacks. The various efforts made by researchers and open forums help to make web application development, deployment and maintenance more secure. This paper brings forth various aspects of, and work done on, incorporating security into web based applications. An overview of security…
Security Assessment Automation Framework: Web Applications
The security of Web applications has increased rapidly over the last years. At the same time, the quantity and impact of vulnerabilities in Web applications have grown as well. Since the
A Strategic Approach Using Governance, Risk and Compliance Model to Deal with Online Counterfeit Market
This paper analyzes the factors that allow the online counterfeit market to flourish and the present policies, frameworks and strategies available to deal with this threat, and creates a Governance, Risk and Compliance model at all levels to deal with online counterfeiting.
Developing an Information Security Risk Taxonomy and an Assessment Model using Fuzzy Petri Nets
The authors propose a model to assess risks and benefits using Fuzzy Petri Nets (FPN), which can also be applied to the taxonomy and to quantification.


Abstracting application-level web security
A scalable structuring mechanism that facilitates the abstraction of security policies from large web applications developed in heterogeneous multi-platform environments is described, and a tool that assists programmers in developing secure applications resilient to a wide range of common attacks is presented.
SecuBat: a web vulnerability scanner
SecuBat is developed: a generic and modular web vulnerability scanner that, similar to a port scanner, automatically analyzes web sites with the aim of finding exploitable SQL injection and XSS vulnerabilities.
WASP: Protecting Web Applications Using Positive Tainting and Syntax-Aware Evaluation
A new, highly automated approach for protecting Web applications against SQL injection, which has both conceptual and practical advantages over most existing techniques, is presented and implemented in the Web Application SQL-injection Preventer (WASP) tool.
A Comparison of Publicly Available Tools for Dynamic Buffer Overflow Prevention
This thesis contributes to three research areas in software security, namely security requirements, and intrusion prevention via static analysis and via runtime detection, and proposes decorated dependence graphs as a way of modeling and pattern matching security properties of code.
A Static Analysis Framework For Detecting SQL Injection Vulnerabilities
The construction and design of a static analysis framework (called SAFELI) for identifying SQL injection vulnerabilities at compile time is proposed; it has the potential to discover more subtle SQL injection attacks than black-box Web security inspection tools.
The Automatic Defense Mechanism for Malicious Injection Attack
  • Jin-Cherng Lin, Jan-Min Chen
  • Computer Science
  • 7th IEEE International Conference on Computer and Information Technology (CIT 2007)
  • 2007
A defense mechanism is developed that can automatically produce a proper input validation function on a security gateway to filter malicious injection; experiments show its efficiency in preventing malicious injection attacks.
A proposal and implementation of automatic detection/collection system for cross-site scripting vulnerability
A client-side system is proposed that automatically detects XSS vulnerabilities by manipulating either the request or the server response, and shares the indication of vulnerability via a central repository to warn the Web servers that have XSS vulnerabilities.
Detecting Service Violations and DoS Attacks
A quantitative comparison among all schemes is conducted, in which the merits of each scheme are highlighted and the monitoring overhead introduced by each is estimated, and a new distributed scheme to reduce monitoring overhead is proposed.
Application-level Web security
Application-level Web security refers to vulnerabilities inherent in the code of a Web application; with the development of e-Business, application-level vulnerabilities have been exploited with serious consequences.
Incorporating Security Behaviour into Business Models Using a Model Driven Approach
  • P. Linington, P. Liyanagama
  • Computer Science
  • 11th IEEE International Enterprise Distributed Object Computing Conference (EDOC 2007)
  • 2007
This paper investigates the way behaviour from the different sources can be combined and integrated into a single design model; this involves transformations that weave together the constraints from the various aspects and are more complex to specify than the linear pipelines of transformations used in most MDE work to date.