Security Analysis of FileZilla Server Using Threat Models
Abstract
FTP is a widely used protocol for working with remote file systems. Various FTP implementations have had security problems reported as late as 2010. A systematic analysis of FTP security is lacking. In this paper, threat models are built to provide a systematic coverage of potential security attacks against an FTP server. Security tests are then generated from the threat models and applied to FileZilla Server, a popular FTP server implementation. When FileZilla Server is properly deployed, it holds fast against our security attacks. To further evaluate the effectiveness, the security tests are used to exercise a number of security mutants of FileZilla Server where various vulnerabilities are injected deliberately. The security tests have detected all but one of the injected vulnerabilities. This indicates that the threat model-based approach to security analysis of FileZilla Server is effective.
Keywords: Security testing, FTP, threat modeling, threat tree, mutation testing
Similar resources
Security requirements for implementing a secure IMS SIP server
IMS (IP Multimedia Subsystem) network is considered as an NGN (Next Generation Network) core networks by ETSI. Decomposition of IMS core network has resulted in a rapid increase of control and signaling message that makes security a required capability for IMS commercialization. The control messages are transmitted using SIP (Session Initiation Protocol) which is an application layer protocol. ...
A Novel Approach for Security Testing of Client Server Based Applications using Misuse Deployment Diagrams, Misuse Cases and Threat Trees
Security testing is one of the most important security practices today. To secure an application it’s important to go for a security testing phase during the development life cycle. Many useful enhancements are done using UML diagrams to model security like Misuse cases, Mis-sequence diagrams and Misuse deployment diagrams etc. Misuse deployment diagrams can be used to model a client server env...
Detecting Bot Networks Based On HTTP And TLS Traffic Analysis
Abstract— Bot networks are a serious threat to cyber security, whose destructive behavior affects network performance directly. Detecting of infected HTTP communications is a big challenge because infected HTTP connections are clearly merged with other types of HTTP traffic. Cybercriminals prefer to use the web as a communication environment to launch application layer attacks and secretly enga...
Agricultural crop growth modelling: a tool for dealing with the threat of climate change affecting food security (case study for greenhouse tomato)
Climate change and essentiality of the food security have motivated scientists to try innovative approaches, among which, crop growth models can help to predict crop yield. In order to simulate tomato (Solanum lycopersicum) growth, phenological characteristics of a short-life variety of tomato were assessed. Phenologic characteristics included leaf area index (LAI), specific leaf area (S...
Threat Modelling for SQL Servers - Designing a Secure Database in a Web Application
In this paper we present the results from an analysis focusing on security threats that can arise against an SQL server when included in Web application environments. The approach used is based on the STRIDE classification methodology. The results presented provide also some general guidelines and countermeasures against the different attacks that can exploit the identified
Publication date: 2011