DSpace DSpace

Biblioteca Digital do IPG >
Escola Superior de Tecnologia e Gestão (ESTG) >
Artigos em Acta de Conferência Internacional (ESTG) >

Utilize este identificador para referenciar este registo: http://hdl.handle.net/10314/2689

Título: The Web Attacker Perspective – A Field Study
Autores: Fonseca, José Martins
Palavras Chave: Security
Web application
Field study
Data: 2010
Resumo: Web applications are a fundamental pillar of today’s globalized world. Society depends and relies on them for business and daily life. However, web applications are under constant attack by hackers that exploit their vulnerabilities to access valuable assets and disrupt business. Many studies and reports on web application security problems analyze the victim’s perspective by detailing the vulnerabilities publicly disclosed. In this paper we present a field study on the attacker’s perspective by looking at over 300 real exploits used by hackers to attack web applications. Results show that SQL injection and Remote File Inclusion are the two most frequently used exploits and that hackers prefer easier rather than complicated attack techniques. Exploit and vulnerability data are also correlated to show that, although there are many types of vulnerabilities out there, only few are interesting enough for attackers to obtain what they want the most: root shell access and admin passwords.
URI: http://hdl.handle.net/10314/2689
Aparece nas Colecções:Artigos em Acta de Conferência Internacional (ESTG)

Ficheiros deste Registo:

Ficheiro Descrição TamanhoFormato
JoséMartinsFonseca.pdf623KbAdobe PDFVer/Abrir
Sugerir este item a um colega