Security policy framework and algorithms for web server content protection
نویسندگان
چکیده
A significant web security issue facing Internet users and organizations is the securing of web content against unauthorised tampering. Users must be comfortable with the security offered by web applications that sensitive web-based services. Some progress has been made in addressing the verification of web server content integrity, but current solutions are restricted by the limitations of the SSL protocol, the statelessness of HTTP, blind security mechanisms which is based on ad-hoc models, and difficulties with automatic code analysis. We present a web security real-time framework, a state protocol of web policies, and a number of particular algorithms that they can used to verify and protect the static and dynamic web content against unauthorised tampering. It is suggested that such a framework will offer a higher level of user confidence, and web service survivability.
منابع مشابه
Static Enforcement of Web Application Integrity Through Strong Typing
Security vulnerabilities continue to plague web applications, allowing attackers to access sensitive data and co-opt legitimate web sites as a hosting ground for malware. Accordingly, researchers have focused on various approaches to detecting and preventing common classes of security vulnerabilities in web applications, including anomaly-based detection mechanisms, static and dynamic analyses ...
متن کاملبهینهسازی اجرا و پاسخ صفحات وب در فضای ابری با روشهای پیشپردازش، مطالعه موردی سامانههای وارنیش و انجینکس
The response speed of Web pages is one of the necessities of information technology. In recent years, renowned companies such as Google and computer scientists focused on speeding up the web. Achievements such as Google Pagespeed, Nginx and varnish are the result of these researches. In Customer to Customer(C2C) business systems, such as chat systems, and in Business to Customer(B2C) systems, s...
متن کاملA Distributed Content-Based Search Engine Based on Mobile Code and Web Service Technology
Current search engines crawl the Web, download content, and digest this content locally. For multimedia content, this involves considerable volumes of data. Furthermore, this process covers only publicly available content because content providers are concerned that they otherwise loose control over the distribution of their intellectual property. We present the prototype of our secure and dist...
متن کاملVerification of Web Content Integrity: A new approach to protecting servers against tampering
The provision of web services is a real-time process, conducted in ad-hoc, ‘off the cuff’ manner. Consequently the verification of the data content and the identification of any authorized data interference or manipulation are not without problems. Some progress has been made in addressing the verification of server content integrity, but current solutions are restricted by the limitations of t...
متن کاملSecurity Hardening for SAS® 9.3 Enterprise BI Web Applications
Web configuration for SAS 9.3 Enterprise BI Web applications need to be secured according to an organization's security policy. This paper examines the Web configuration security enhancement options and the protection of Web applications from security vulnerability attacks. Security enhancements for the configuration include single sign-on, integration with a reverse proxy security server, sett...
متن کامل