Biblioteca Digital do IPG >
Escola Superior de Tecnologia e Gestão (ESTG) >
Artigos em Acta de Conferência Internacional (ESTG) >
Utilize este identificador para referenciar este registo:
http://hdl.handle.net/10314/2689
|
Título: | The Web Attacker Perspective – A Field Study |
Autores: | Fonseca, José Martins |
Palavras Chave: | Security Exploit Vulnerability Web application Field study |
Data: | 2010 |
Resumo: | Web applications are a fundamental pillar of today’s globalized world. Society depends and relies on them for business and daily life. However, web applications are under constant attack by hackers that exploit their vulnerabilities to access valuable assets and disrupt business. Many studies and reports on web application security problems analyze the victim’s perspective by detailing the vulnerabilities publicly disclosed. In this paper we present a field study on the attacker’s perspective by looking at over 300 real exploits used
by hackers to attack web applications. Results show that SQL injection and Remote File Inclusion are the two most frequently used exploits and that hackers prefer easier rather than complicated attack techniques. Exploit and vulnerability data are also correlated to show that, although there are many types of vulnerabilities out there, only few are interesting enough for attackers to obtain what they want the most: root shell access and admin passwords. |
URI: | http://hdl.handle.net/10314/2689 |
Aparece nas Colecções: | Artigos em Acta de Conferência Internacional (ESTG)
|
Ficheiros deste Registo:
Ficheiro |
Descrição |
Tamanho | Formato |
JoséMartinsFonseca.pdf | | 623Kb | Adobe PDF | Ver/Abrir | |
|
|