An automated black box approach for web vulnerability identification and attack scenario generation
Authors
Abstract
Similar resources
Why Johnny Can't Pentest: An Analysis of Black-Box Web Vulnerability Scanners
Black-box web vulnerability scanners are a class of tools that can be used to identify security issues in web applications. These tools are often marketed as “point-and-click pentesting” tools that automatically evaluate the security of web applications with little or no human support. These tools access a web application in the same way users do, and, therefore, have the advantage of being ind...
An Efficient Black-box Technique for Defeating Web Application Attacks
Over the past few years, injection vulnerabilities have become the primary target for remote exploits. SQL injection, command injection, and cross-site scripting are some of the popular attacks that exploit these vulnerabilities. Taint-tracking has emerged as one of the most promising approaches for defending against these exploits, as it supports accurate detection (and prevention) of popular ...
Smallpox: An attack scenario.
Smallpox virus, which is among the most dangerous organisms that might be used by bioterrorists, is not widely available. The international black market trade in weapons of mass destruction is probably the only means of acquiring the virus. Thus, only a terrorist supported by the resources of a rogue state would be able to procure and deploy smallpox. An attack using the virus would involve rel...
Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications
The advent of Software-as-a-Service (SaaS) has led to the development of multi-party web applications (MPWAs). MPWAs rely on core trusted third-party systems (e.g., payment servers, identity providers) and protocols such as Cashier-as-a-Service (CaaS), Single Sign-On (SSO) to deliver business services to users. Motivated by the large number of attacks discovered against MPWAs and by the lack of ...
Real-Time intrusion detection alert correlation and attack scenario extraction based on the prerequisite consequence approach
Alert correlation systems attempt to discover the relations among alerts produced by one or more intrusion detection systems to determine the attack scenarios and their main motivations. In this paper a new IDS alert correlation method is proposed that can be used to detect attack scenarios in real-time. The proposed method is based on a causal approach due to the strength of causal methods in ...
Journal
Journal title: Journal of the Brazilian Computer Society
Year: 2014
ISSN: 0104-6500,1678-4804
DOI: 10.1186/1678-4804-20-4