Akrout et al., 2014 - Google Patents
An automated black box approach for web vulnerability identification and attack scenario generation
- Document ID
- 10044050174996193868
- Author
- Akrout R
- Alata E
- Kaaniche M
- Nicomette V
- Publication year
- Publication venue
- Journal of the Brazilian Computer Society
Snippet
Web applications have become increasingly vulnerable and exposed to malicious attacks that could affect essential properties of information systems such as confidentiality, integrity, or availability. To cope with these threats, it is necessary to develop efficient security …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/51—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems at application loading time, e.g. accepting, rejecting, starting or inhibiting executable software based on integrity or source reliability
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2101—Auditing as a secondary aspect
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
Similar Documents
Publication | Title | Publication Date |
---|---|---|
Akrout et al. | An automated black box approach for web vulnerability identification and attack scenario generation | |
Aliero et al. | An algorithm for detecting SQL injection vulnerability using black-box testing | |
Ren et al. | CSKG4APT: A cybersecurity knowledge graph for advanced persistent threat organization attribution | |
Gupta et al. | XSS-secure as a service for the platforms of online social network-based multimedia web applications in cloud | |
Lee et al. | A novel method for SQL injection attack detection based on removing SQL query attribute values | |
Almorsy et al. | Supporting automated vulnerability analysis using formalized vulnerability signatures | |
CN112131882A (en) | Multi-source heterogeneous network security knowledge graph construction method and device | |
Djuric | A black-box testing tool for detecting SQL injection vulnerabilities | |
Dessiatnikoff et al. | A clustering approach for web vulnerabilities detection | |
Guo et al. | XSS vulnerability detection using optimized attack vector repertory | |
Balasundaram et al. | An efficient technique for detection and prevention of SQL injection attack using ASCII based string matching | |
Deepa et al. | Black-box detection of XQuery injection and parameter tampering vulnerabilities in web applications | |
Tajpour et al. | Web application security by sql injection detection tools | |
Yeole et al. | Analysis of different technique for detection of SQL injection | |
Tian et al. | Attack model based penetration test for SQL injection vulnerability | |
Chandrashekhar et al. | SQL injection attack mechanisms and prevention techniques | |
Alkhalaf et al. | Viewpoints: differential string analysis for discovering client-and server-side input validation inconsistencies | |
Gupta et al. | GeneMiner: a classification approach for detection of XSS attacks on web services | |
Bhateja et al. | A review of sql injection attack and various detection approaches | |
George et al. | Token based detection and neural network based reconstruction framework against code injection vulnerabilities | |
Eriksson et al. | Black Ostrich: Web application scanning with string solvers | |
Montaruli et al. | Raze to the ground: Query-efficient adversarial html attacks on machine-learning phishing webpage detectors | |
Noseevich et al. | Detecting insufficient access control in web applications | |
Minhas et al. | Blocking of sql injection attacks by comparing static and dynamic queries | |
Bangre et al. | SQL Injection Detection and Prevention Using Input Filter Technique |