Biblioteca Digital do IPG: Evaluation of Web Security Mechanisms Using Vulnerability & Attack Injection

	Sobre o Repositório

Percorrer:
	Comunidades & Colecções
	Títulos
	Autores
	Assuntos
	Por Data

Entrar:
	Serviço de Alertas
	Meu Repositório utilizadores autorizados
	Editar Conta


	Guias

Biblioteca Digital do IPG >
Escola Superior de Tecnologia e Gestão (ESTG) >
Artigos em Revista Internacional (ESTG) >

Utilize este identificador para referenciar este registo: http://hdl.handle.net/10314/3164

Título:	Evaluation of Web Security Mechanisms Using Vulnerability & Attack Injection
Autores:	Fonseca, José Carlos
Palavras Chave:	Security Fault injection Internet applications Review and evaluation
Data:	2014
Editora:	IEEE Transactions On Dependable And Secure Computing
Resumo:	In this paper we propose a methodology and a prototype tool to evaluate web application security mechanisms. The methodology is based on the idea that injecting realistic vulnerabilities in a web application and attacking them automatically can be used to support the assessment of existing security mechanisms and tools in custom setup scenarios. To provide true to life results, the proposed vulnerability and attack injection methodology relies on the study of a large number of vulnerabilities in real web applications. In addition to the generic methodology, the paper describes the implementation of the Vulnerability & Attack Injector Tool (VAIT) that allows the automation of the entire process. We used this tool to run a set of experiments that demonstrate the feasibility and the effectiveness of the proposed methodology. The experiments include the evaluation of coverage and false positives of an intrusion detection system for SQL Injection attacks and the assessment of the effectiveness of two top commercial web application vulnerability scanners. Results show that the injection of vulnerabilities and attacks is indeed an effective way to evaluate security mechanisms and to point out not only their weaknesses but also ways for their improvement
URI:	http://hdl.handle.net/10314/3164
Aparece nas Colecções:	Artigos em Revista Internacional (ESTG)

Ficheiros deste Registo:

Ficheiro	Descrição	Tamanho	Formato
Evaluation of Web Security Mechanisms.pdf		1313Kb	Adobe PDF	Ver/Abrir

Sugerir este item a um colega