Defending Against Web Application Attacks: Approaches, Challenges and Implications
Autor: | Panos Louridas, Dimitris Mitropoulos, Angelos D. Keromytis, Michalis Polychronakis |
---|---|
Rok vydání: | 2019 |
Předmět: |
021110 strategic
defence & security studies SQL Exploit business.industry Computer science 0211 other engineering and technologies Language code 02 engineering and technology Computer security computer.software_genre Web application security SQL injection Scripting language Key (cryptography) Web application Electrical and Electronic Engineering business computer computer.programming_language |
Zdroj: | IEEE Transactions on Dependable and Secure Computing. 16:188-203 |
ISSN: | 2160-9209 1545-5971 |
Popis: | Some of the most dangerous web attacks, such as Cross-Site Scripting and sql injection, exploit vulnerabilities in web applications that may accept and process data of uncertain origin without proper validation or filtering, allowing the injection and execution of dynamic or domain-specific language code. These attacks have been constantly topping the lists of various security bulletin providers despite the numerous countermeasures that have been proposed over the past 15 years. In this paper, we provide an analysis on various defense mechanisms against web code injection attacks. We propose a model that highlights the key weaknesses enabling these attacks, and that provides a common perspective for studying the available defenses. We then categorize and analyze a set of 41 previously proposed defenses based on their accuracy, performance, deployment, security, and availability characteristics. Detection accuracy is of particular importance, as our findings show that many defense mechanisms have been tested in a poor manner. In addition, we observe that some mechanisms can be bypassed by attackers with knowledge of how the mechanisms work. Finally, we discuss the results of our analysis, with emphasis on factors that may hinder the widespread adoption of defenses in practice. |
Databáze: | OpenAIRE |
Externí odkaz: |