Kapodistria et al., 2011 - Google Patents
An advanced web attack detection and prevention tool
Kapodistria et al., 2011
- Document ID
- 9238780804139121045
- Author
- Kapodistria H
- Mitropoulos S
- Douligeris C
- Publication year
- Publication venue
- Information Management & Computer Security
Snippet
Purpose–The purpose of this paper is to introduce a new tool which detects, prevents and records common web attacks that mainly result in web applications information leaking using pattern recognition. It is a cross‐platform application, namely, it is not OS‐dependent …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/566—Dynamic detection, i.e. detection performed at run-time, e.g. emulation, suspicious activities
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2119—Authenticating web pages, e.g. with suspicious links
Similar Documents
Publication | Publication Date | Title |
---|---|---|
US10868819B2 (en) | | Systems for detecting a headless browser executing on a client computer |
Kirda et al. | | Noxes: a client-side solution for mitigating cross-site scripting attacks |
Li et al. | | A survey on server-side approaches to securing web applications |
Sadqi et al. | | A systematic review and taxonomy of web applications threats |
EP2513800B1 (en) | | Methods and systems of detecting and analyzing correlated operations in a common storage |
Nithya et al. | | A survey on detection and prevention of cross-site scripting attack |
Li et al. | | A survey on web application security |
Shahriar et al. | | Client-side detection of cross-site request forgery attacks |
Ravindran et al. | | A Review on Web Application Vulnerability Assessment and Penetration Testing. |
Kapodistria et al. | | An advanced web attack detection and prevention tool |
Nagpal et al. | | SECSIX: security engine for CSRF, SQL injection and XSS attacks |
Spett | | Cross-site scripting |
Katkar Anjali et al. | | Web vulnerability detection and security mechanism |
Kirchner et al. | | Dancer in the dark: Synthesizing and evaluating polyglots for blind Cross-Site scripting |
Dharam et al. | | Runtime monitoring technique to handle tautology based SQL injection attacks |
Xia et al. | | WalletRadar: towards automating the detection of vulnerabilities in browser-based cryptocurrency wallets |
Hammoudeh et al. | | The study on assessment of security web applications |
Zhao et al. | | Large-scale detection of privacy leaks for BAT browsers extensions in China |
Nunes | | Blended security analysis for web applications: Techniques and tools |
Jayaraman et al. | | Enforcing request integrity in web applications |
Izagirre | | Deception strategies for web application security: application-layer approaches and a testing platform |
al Azmi et al. | | A comprehensive research on XSS scripting attacks on different domains and their verticals |
Pevnev et al. | | Web application protection technologies |
Zhou et al. | | Strengthening XSRF defenses for legacy web applications using whitebox analysis and transformation |
Alanda et al. | | Cross-Site Scripting (XSS) Vulnerabilities in Modern Web Applications |