SlideShare una empresa de Scribd logo

Analysis of field data on web security vulnerabilities

Descargar como DOC, PDF
Papitha Velumani
Papitha Velumani

TO GET THIS PROJECT THROUGH ONLINE OR TRAINING SESSION CONTACT: LansA Informatics Pvt Ltd No 165, 5th Street, Crosscut road, Gandhipuram, Coimbatore - 641 012 Landline: 0422 - 4204373 Mobile: +91 90 953 953 33 Email :lansa.projects@gmail.com Website: www.lansainformatics.com Blog: www.lansastudentscdc.blogspot.com

Educación
1 de 7
ANALYSIS OF FIELD DATA ON WEB SECURITY VULNERABILITIES ABSTRACT: Most web applications have critical bugs (faults) affecting their security, which makes them vulnerable to attacks by hackers and organized crime. To prevent these security problems from occurring it is of utmost importance to understand the typical software faults. This paper contributes to this body of knowledge by presenting a field study on two of the most widely spread and critical web application vulnerabilities: SQL Injection and XSS. It analyzes the source code of security patches of widely used web applications written in weak and strong typed languages. Results show that only a small subset of software fault types, affecting a restricted collection of statements, is related to security. To understand how these vulnerabilities are really exploited by hackers, this paper also presents an analysis of the source code of the scripts used to attack them. The outcomes of this study can be used to train
software developers and code inspectors in the detection of such faults and are also the foundation for the research of realistic vulnerability and attack injectors that can be used to assess security mechanisms, such as intrusion detection systems, vulnerability scanners, and static code analyzers. EXISTING SYSTEM: The security of web applications becomes a major concern and it is receiving more and more attention from governments, corporations, and the research community. Attackers also followed the move to the web and as such more than half of current computer security threats and vulnerabilities affect web applications. Not surprisingly, the number of reported attacks that exploit web application vulnerabilities is increasing. In fact, numerous data breach attacks are frequently reported due to web application security problems. Given the preponderant role of web applications in many organizations, one can realize the importance of finding ways to reduce the number of vulnerabilities. This can be helped with a deeper knowledge on
software faults behind such vulnerabilities; however, this is a vast field and there is still a lot of work to be done. DISADVANTAGES OF EXISTING SYSTEM:  It is vulnerable to attacks. Attackers also followed the move to the web and as such more than half of current computer security threats and vulnerabilities affect web applications. PROPOSED SYSTEM: This paper contributes to fill this gap by presenting a study on characteristics of source code defects generating major web application vulnerabilities. The main research goal is to understand the typical software faults that are behind the majority of web application vulnerabilities, taking into account different programming languages. To understand the relevance these kinds of vulnerabilities for the attackers, the paper also analyzes the code used to exploit them. The proposed methodology allows gathering the information on common
mistakes that developers should avoid. This knowledge is helpful for training, and it is crucial for the specification of guidelines for security code reviewers, for the evaluation of penetration testing tools, as well as for the creation of safer internal policies for programming practices, among others. It can also be used to build a realistic attack injector. In our study, we observed that not every vulnerability is equally important for an attacker, and when not all vulnerabilities can be fixed in due time, these data may be used to select those that should be addressed first. ADVANTAGES OF PROPOSED SYSTEM: Its underlying idea is that knowing the root cause of software defects helps removing their source. Each patch was inspected in depth to gather the precise characteristics of the code that was responsible for the security problem and classified them according to an adaptation of the orthogonal defect classification.
SYSTEM CONFIGURATION:- HARDWARE REQUIREMENTS:- Processor - Pentium –IV Speed - 1.1 Ghz RAM - 512 MB(min) Hard Disk - 40 GB Key Board - Standard Windows Keyboard Mouse - Two or Three Button Mouse Monitor - LCD/LED SOFTWARE REQUIREMENTS: Operating system : Windows XP. Coding Language : JAVA Data Base : MySQL Tool : Netbeans.
REFERENCE: Jose´ Fonseca, Nuno Seixas, Marco Vieira, and Henrique Madeira, “Analysis of Field Data on Web Security Vulnerabilities” IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 11, NO. 2, MARCH/APRIL 2014.
REFERENCE: Jose´ Fonseca, Nuno Seixas, Marco Vieira, and Henrique Madeira, “Analysis of Field Data on Web Security Vulnerabilities” IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 11, NO. 2, MARCH/APRIL 2014.

Recomendados

Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilitiesMayur Mehta
 
Security in Computing and IT
Security in Computing and ITSecurity in Computing and IT
Security in Computing and ITKomalah Nair
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperBhagyashri Chalakh
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesKellep Charles
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
Vapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesVapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesAkshay Kurhade
 

Recomendados

Classification of vulnerabilities
Classification of vulnerabilitiesClassification of vulnerabilities
Classification of vulnerabilitiesMayur Mehta
 
Security in Computing and IT
Security in Computing and ITSecurity in Computing and IT
Security in Computing and ITKomalah Nair
 
Introduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingIntroduction To Vulnerability Assessment & Penetration Testing
Introduction To Vulnerability Assessment & Penetration TestingRaghav Bisht
 
website vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperwebsite vulnerability scanner and reporter research paper
website vulnerability scanner and reporter research paperBhagyashri Chalakh
 
Vulnerability assessment and penetration testing
Vulnerability assessment and penetration testingVulnerability assessment and penetration testing
Vulnerability assessment and penetration testingAbu Sadat Mohammed Yasin
 
The Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesThe Security Vulnerability Assessment Process & Best Practices
The Security Vulnerability Assessment Process & Best PracticesKellep Charles
 
What is security testing and why it is so important?
What is security testing and why it is so important?What is security testing and why it is so important?
What is security testing and why it is so important?ONE BCG
 
Vapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesVapt( vulnerabilty and penetration testing ) services
Vapt( vulnerabilty and penetration testing ) servicesAkshay Kurhade
 
Pen testing and how does it help strengthen cybersecurity
Pen testing and how does it help strengthen cybersecurityPen testing and how does it help strengthen cybersecurity
Pen testing and how does it help strengthen cybersecurityTestingXperts
 
VAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant maliVAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant maliAdv. Prashant Mali ♛ [Bsc(Phy),MSc(Comp Sci), CCFP,CISSA,LLM]
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Web App Sec Benchmarks
Web App Sec BenchmarksWeb App Sec Benchmarks
Web App Sec BenchmarksAung Khant
 
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITWHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITTekRevol LLC
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Akash Karwande
 
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsIJTET Journal
 
Intro to Network Vapt
Intro to Network VaptIntro to Network Vapt
Intro to Network VaptApurv Singh Gautam
 
Assessment and Threats: Protecting Your Company from Cyber Attacks
Assessment and Threats: Protecting Your Company from Cyber AttacksAssessment and Threats: Protecting Your Company from Cyber Attacks
Assessment and Threats: Protecting Your Company from Cyber AttacksCimation
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in icsMayur Mehta
 
OTG - Practical Hands on VAPT
OTG - Practical Hands on VAPTOTG - Practical Hands on VAPT
OTG - Practical Hands on VAPTshiriskumar
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...Alisha Henderson
 
Introduction to security testing raj
Introduction to security testing rajIntroduction to security testing raj
Introduction to security testing rajRajakrishnan S, MCA,MBA,MA Phil,PMP,CSM,ISTQB-Test Mgr,ITIL
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
LTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber Security
LTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber SecurityLTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber Security
LTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber Securityrver21
 
Threat modelling
Threat modellingThreat modelling
Threat modellingRajeev Venkata
 
Application security testing an integrated approach
Application security testing an integrated approachApplication security testing an integrated approach
Application security testing an integrated approachIdexcel Technologies
 
Protecting Windows Networks From Malware
Protecting Windows Networks From MalwareProtecting Windows Networks From Malware
Protecting Windows Networks From MalwareRishu Mehra
 
Identifying Cross Site Scripting Vulnerabilities in Web Applications
Identifying Cross Site Scripting Vulnerabilities in Web ApplicationsIdentifying Cross Site Scripting Vulnerabilities in Web Applications
Identifying Cross Site Scripting Vulnerabilities in Web ApplicationsPorfirio Tramontana
 
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникации
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникацииАрмия освобождения домохозяек: структура, состав вооружений, методы коммуникации
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникацииAndrew Petukhov
 
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...Nurul Haszeli Ahmad
 

Más contenido relacionado

La actualidad más candente

Pen testing and how does it help strengthen cybersecurity
Pen testing and how does it help strengthen cybersecurityPen testing and how does it help strengthen cybersecurity
Pen testing and how does it help strengthen cybersecurityTestingXperts
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingYvonne Marambanyika
 
Web App Sec Benchmarks
Web App Sec BenchmarksWeb App Sec Benchmarks
Web App Sec BenchmarksAung Khant
 
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITWHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITTekRevol LLC
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Akash Karwande
 
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsIJTET Journal
 
Assessment and Threats: Protecting Your Company from Cyber Attacks
Assessment and Threats: Protecting Your Company from Cyber AttacksAssessment and Threats: Protecting Your Company from Cyber Attacks
Assessment and Threats: Protecting Your Company from Cyber AttacksCimation
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in icsMayur Mehta
 
OTG - Practical Hands on VAPT
OTG - Practical Hands on VAPTOTG - Practical Hands on VAPT
OTG - Practical Hands on VAPTshiriskumar
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainSuvrat Jain
 
What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...Alisha Henderson
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Edureka!
 
LTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber Security
LTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber SecurityLTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber Security
LTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber Securityrver21
 
Application security testing an integrated approach
Application security testing an integrated approachApplication security testing an integrated approach
Application security testing an integrated approachIdexcel Technologies
 
Protecting Windows Networks From Malware
Protecting Windows Networks From MalwareProtecting Windows Networks From Malware
Protecting Windows Networks From MalwareRishu Mehra
 

La actualidad más candente (19)

Pen testing and how does it help strengthen cybersecurity
Pen testing and how does it help strengthen cybersecurityPen testing and how does it help strengthen cybersecurity
Pen testing and how does it help strengthen cybersecurity
 
VAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant maliVAPT, Ethical Hacking and Laws in India by prashant mali
VAPT, Ethical Hacking and Laws in India by prashant mali
 
Vulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration TestingVulnerability and Assessment Penetration Testing
Vulnerability and Assessment Penetration Testing
 
Web App Sec Benchmarks
Web App Sec BenchmarksWeb App Sec Benchmarks
Web App Sec Benchmarks
 
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN ITWHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
WHAT IS APP SECURITY – THE COMPLETE PROCESS AND THE TOOLS & TESTS TO RUN IT
 
Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques Malware Detection Using Data Mining Techniques
Malware Detection Using Data Mining Techniques
 
Routine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence FlawsRoutine Detection Of Web Application Defence Flaws
Routine Detection Of Web Application Defence Flaws
 
Intro to Network Vapt
Intro to Network VaptIntro to Network Vapt
Intro to Network Vapt
 
Assessment and Threats: Protecting Your Company from Cyber Attacks
Assessment and Threats: Protecting Your Company from Cyber AttacksAssessment and Threats: Protecting Your Company from Cyber Attacks
Assessment and Threats: Protecting Your Company from Cyber Attacks
 
Sdl deployment in ics
Sdl deployment in icsSdl deployment in ics
Sdl deployment in ics
 
OTG - Practical Hands on VAPT
OTG - Practical Hands on VAPTOTG - Practical Hands on VAPT
OTG - Practical Hands on VAPT
 
Ethical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jainEthical Hacking n VAPT presentation by Suvrat jain
Ethical Hacking n VAPT presentation by Suvrat jain
 
What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...What is penetration testing and why is it important for a business to invest ...
What is penetration testing and why is it important for a business to invest ...
 
Introduction to security testing raj
Introduction to security testing rajIntroduction to security testing raj
Introduction to security testing raj
 
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
Penetration Testing Tutorial | Penetration Testing Tools | Cyber Security Tra...
 
LTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber Security
LTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber SecurityLTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber Security
LTS Secure User Entity Behavior Analytics(UEBA) boon to Cyber Security
 
Threat modelling
Threat modellingThreat modelling
Threat modelling
 
Application security testing an integrated approach
Application security testing an integrated approachApplication security testing an integrated approach
Application security testing an integrated approach
 
Protecting Windows Networks From Malware
Protecting Windows Networks From MalwareProtecting Windows Networks From Malware
Protecting Windows Networks From Malware
 

Destacado

Identifying Cross Site Scripting Vulnerabilities in Web Applications
Identifying Cross Site Scripting Vulnerabilities in Web ApplicationsIdentifying Cross Site Scripting Vulnerabilities in Web Applications
Identifying Cross Site Scripting Vulnerabilities in Web ApplicationsPorfirio Tramontana
 
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникации
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникацииАрмия освобождения домохозяек: структура, состав вооружений, методы коммуникации
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникацииAndrew Petukhov
 
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...Nurul Haszeli Ahmad
 
Analysis of Field Data on Web Security Vulnerabilities
Analysis of Field Data on Web Security VulnerabilitiesAnalysis of Field Data on Web Security Vulnerabilities
Analysis of Field Data on Web Security VulnerabilitiesKaashivInfoTech Company
 
A Study on Dynamic Detection of Web Application Vulnerabilities
A Study on Dynamic Detection of Web Application VulnerabilitiesA Study on Dynamic Detection of Web Application Vulnerabilities
A Study on Dynamic Detection of Web Application VulnerabilitiesYuji Kosuga
 
2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS Security2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS SecurityRaleigh ISSA
 
Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...
Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...
Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...Andrew Petukhov
 
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSE
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSEWEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSE
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSEAjith Kp
 
No locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructureNo locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructureAndrew Petukhov
 
CODE BLUE 2016 - Method of Detecting Vulnerability in Web Apps
CODE BLUE 2016 - Method of Detecting Vulnerability in Web AppsCODE BLUE 2016 - Method of Detecting Vulnerability in Web Apps
CODE BLUE 2016 - Method of Detecting Vulnerability in Web AppsIsao Takaesu
 
Attributes based encryption with verifiable outsourced decryption
Attributes based encryption with verifiable outsourced decryptionAttributes based encryption with verifiable outsourced decryption
Attributes based encryption with verifiable outsourced decryptionKaashivInfoTech Company
 
data mining for security application
data mining for security applicationdata mining for security application
data mining for security applicationbharatsvnit
 
Technology buffet for new teachers march 2012
Technology buffet for new teachers march 2012Technology buffet for new teachers march 2012
Technology buffet for new teachers march 2012Karen Brooks
 

Destacado (13)

Identifying Cross Site Scripting Vulnerabilities in Web Applications
Identifying Cross Site Scripting Vulnerabilities in Web ApplicationsIdentifying Cross Site Scripting Vulnerabilities in Web Applications
Identifying Cross Site Scripting Vulnerabilities in Web Applications
 
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникации
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникацииАрмия освобождения домохозяек: структура, состав вооружений, методы коммуникации
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникации
 
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
C Overflows Vulnerabilities Exploit Taxonomy And Evaluation on Static Analysi...
 
Analysis of Field Data on Web Security Vulnerabilities
Analysis of Field Data on Web Security VulnerabilitiesAnalysis of Field Data on Web Security Vulnerabilities
Analysis of Field Data on Web Security Vulnerabilities
 
A Study on Dynamic Detection of Web Application Vulnerabilities
A Study on Dynamic Detection of Web Application VulnerabilitiesA Study on Dynamic Detection of Web Application Vulnerabilities
A Study on Dynamic Detection of Web Application Vulnerabilities
 
2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS Security2012 04 Analysis Techniques for Mobile OS Security
2012 04 Analysis Techniques for Mobile OS Security
 
Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...
Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...
Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...
 
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSE
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSEWEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSE
WEB APPLICATION VULNERABILITIES: DAWN, DETECTION, EXPLOITATION AND DEFENSE
 
No locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructureNo locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructure
 
CODE BLUE 2016 - Method of Detecting Vulnerability in Web Apps
CODE BLUE 2016 - Method of Detecting Vulnerability in Web AppsCODE BLUE 2016 - Method of Detecting Vulnerability in Web Apps
CODE BLUE 2016 - Method of Detecting Vulnerability in Web Apps
 
Attributes based encryption with verifiable outsourced decryption
Attributes based encryption with verifiable outsourced decryptionAttributes based encryption with verifiable outsourced decryption
Attributes based encryption with verifiable outsourced decryption
 
data mining for security application
data mining for security applicationdata mining for security application
data mining for security application
 
Technology buffet for new teachers march 2012
Technology buffet for new teachers march 2012Technology buffet for new teachers march 2012
Technology buffet for new teachers march 2012
 

Similar a Analysis of field data on web security vulnerabilities

Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools usedZoe Gilbert
 
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...IJNSA Journal
 
Cyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureCyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureMohit Rampal
 
Security against Web Application Attacks Using Ontology Based Intrusion Detec...
Security against Web Application Attacks Using Ontology Based Intrusion Detec...Security against Web Application Attacks Using Ontology Based Intrusion Detec...
Security against Web Application Attacks Using Ontology Based Intrusion Detec...IRJET Journal
 
Malware analysis and detection using reverse Engineering, Available at: www....
Malware analysis and detection using reverse Engineering, Available at: www....Malware analysis and detection using reverse Engineering, Available at: www....
Malware analysis and detection using reverse Engineering, Available at: www....Research Publish Journals (Publisher)
 
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...ESET Middle East
 
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...IJNSA Journal
 
Vulnerability Management System
Vulnerability Management SystemVulnerability Management System
Vulnerability Management SystemIRJET Journal
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackEMC
 
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...IRJET Journal
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and RiskSecPod Technologies
 
WhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportWhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportJeremiah Grossman
 
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...IJNSA Journal
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSIJNSA Journal
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSIJNSA Journal
 
A Smart Fuzzing Approach for Integer Overflow Detection
A Smart Fuzzing Approach for Integer Overflow DetectionA Smart Fuzzing Approach for Integer Overflow Detection
A Smart Fuzzing Approach for Integer Overflow DetectionITIIIndustries
 
Vulnerability Malware And Risk
Vulnerability Malware And RiskVulnerability Malware And Risk
Vulnerability Malware And RiskChandrashekhar B
 

Similar a Analysis of field data on web security vulnerabilities (20)

Web app penetration testing best methods tools used
Web app penetration testing best methods tools usedWeb app penetration testing best methods tools used
Web app penetration testing best methods tools used
 
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
Malware Detection Module using Machine Learning Algorithms to Assist in Centr...
 
Cyber Security for Critical Infrastructure
Cyber Security for Critical InfrastructureCyber Security for Critical Infrastructure
Cyber Security for Critical Infrastructure
 
Security against Web Application Attacks Using Ontology Based Intrusion Detec...
Security against Web Application Attacks Using Ontology Based Intrusion Detec...Security against Web Application Attacks Using Ontology Based Intrusion Detec...
Security against Web Application Attacks Using Ontology Based Intrusion Detec...
 
Malware analysis and detection using reverse Engineering, Available at: www....
Malware analysis and detection using reverse Engineering, Available at: www....Malware analysis and detection using reverse Engineering, Available at: www....
Malware analysis and detection using reverse Engineering, Available at: www....
 
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
Protecting Enterprise - An examination of bugs, major vulnerabilities and exp...
 
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGRA...
 
Vulnerability Management System
Vulnerability Management SystemVulnerability Management System
Vulnerability Management System
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
 
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
IRJET- Zombie - Venomous File: Analysis using Legitimate Signature for Securi...
 
Attacking antivirus
Attacking antivirusAttacking antivirus
Attacking antivirus
 
185
185185
185
 
Vulnerability , Malware and Risk
Vulnerability , Malware and RiskVulnerability , Malware and Risk
Vulnerability , Malware and Risk
 
WhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics ReportWhiteHat 2014 Website Security Statistics Report
WhiteHat 2014 Website Security Statistics Report
 
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
SOURCE CODE ANALYSIS TO REMOVE SECURITY VULNERABILITIES IN JAVA SOCKET PROGR...
 
A26001006
A26001006A26001006
A26001006
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
 
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLSA FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
A FRAMEWORK FOR ANALYSIS AND COMPARISON OF DYNAMIC MALWARE ANALYSIS TOOLS
 
A Smart Fuzzing Approach for Integer Overflow Detection
A Smart Fuzzing Approach for Integer Overflow DetectionA Smart Fuzzing Approach for Integer Overflow Detection
A Smart Fuzzing Approach for Integer Overflow Detection
 
Vulnerability Malware And Risk
Vulnerability Malware And RiskVulnerability Malware And Risk
Vulnerability Malware And Risk
 

Más de Papitha Velumani

2015 - 2016 IEEE Project Titles and abstracts in Java
2015 - 2016 IEEE Project Titles and abstracts in Java2015 - 2016 IEEE Project Titles and abstracts in Java
2015 - 2016 IEEE Project Titles and abstracts in JavaPapitha Velumani
 
2015 - 2016 IEEE Project Titles and abstracts in Android
2015 - 2016 IEEE Project Titles and abstracts in Android 2015 - 2016 IEEE Project Titles and abstracts in Android
2015 - 2016 IEEE Project Titles and abstracts in Android Papitha Velumani
 
2015 - 2016 IEEE Project Titles and abstracts in Dotnet
2015 - 2016 IEEE Project Titles and abstracts in Dotnet 2015 - 2016 IEEE Project Titles and abstracts in Dotnet
2015 - 2016 IEEE Project Titles and abstracts in Dotnet Papitha Velumani
 
Trajectory improves data delivery in urban vehicular networks
Trajectory improves data delivery in urban vehicular networks Trajectory improves data delivery in urban vehicular networks
Trajectory improves data delivery in urban vehicular networks Papitha Velumani
 
Tracon interference aware scheduling for data-intensive applications in virtu...
Tracon interference aware scheduling for data-intensive applications in virtu...Tracon interference aware scheduling for data-intensive applications in virtu...
Tracon interference aware scheduling for data-intensive applications in virtu...Papitha Velumani
 
Supporting privacy protection in personalized web search
Supporting privacy protection in personalized web searchSupporting privacy protection in personalized web search
Supporting privacy protection in personalized web searchPapitha Velumani
 
Stochastic bandwidth estimation in networks with random service
Stochastic bandwidth estimation in networks with random serviceStochastic bandwidth estimation in networks with random service
Stochastic bandwidth estimation in networks with random servicePapitha Velumani
 
Sos a distributed mobile q&a system based on social networks
Sos a distributed mobile q&a system based on social networksSos a distributed mobile q&a system based on social networks
Sos a distributed mobile q&a system based on social networksPapitha Velumani
 
Security evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attack Security evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attack Papitha Velumani
 
Real time misbehavior detection in ieee 802.11-based wireless networks an ana...
Real time misbehavior detection in ieee 802.11-based wireless networks an ana...Real time misbehavior detection in ieee 802.11-based wireless networks an ana...
Real time misbehavior detection in ieee 802.11-based wireless networks an ana...Papitha Velumani
 
Probabilistic consolidation of virtual machines in self organizing cloud data...
Probabilistic consolidation of virtual machines in self organizing cloud data...Probabilistic consolidation of virtual machines in self organizing cloud data...
Probabilistic consolidation of virtual machines in self organizing cloud data...Papitha Velumani
 
Privacy preserving multi-keyword ranked search over encrypted cloud data
Privacy preserving multi-keyword ranked search over encrypted cloud dataPrivacy preserving multi-keyword ranked search over encrypted cloud data
Privacy preserving multi-keyword ranked search over encrypted cloud dataPapitha Velumani
 
Privacy preserving and content-protecting location based queries
Privacy preserving and content-protecting location based queriesPrivacy preserving and content-protecting location based queries
Privacy preserving and content-protecting location based queriesPapitha Velumani
 
Pack prediction based cloud bandwidth and cost reduction system
Pack prediction based cloud bandwidth and cost reduction systemPack prediction based cloud bandwidth and cost reduction system
Pack prediction based cloud bandwidth and cost reduction systemPapitha Velumani
 
Occt a one class clustering tree for implementing one-to-man data linkage
Occt a one class clustering tree for implementing one-to-man data linkageOcct a one class clustering tree for implementing one-to-man data linkage
Occt a one class clustering tree for implementing one-to-man data linkagePapitha Velumani
 
Leveraging social networks for p2p content based file sharing in disconnected...
Leveraging social networks for p2p content based file sharing in disconnected...Leveraging social networks for p2p content based file sharing in disconnected...
Leveraging social networks for p2p content based file sharing in disconnected...Papitha Velumani
 
LDBP: localized boundary detection and parametrization for 3 d sensor networks
LDBP: localized boundary detection and parametrization for 3 d sensor networksLDBP: localized boundary detection and parametrization for 3 d sensor networks
LDBP: localized boundary detection and parametrization for 3 d sensor networksPapitha Velumani
 
Integrity for join queries in the cloud
Integrity for join queries in the cloudIntegrity for join queries in the cloud
Integrity for join queries in the cloudPapitha Velumani
 
Improving fairness, efficiency, and stability in http based adaptive video st...
Improving fairness, efficiency, and stability in http based adaptive video st...Improving fairness, efficiency, and stability in http based adaptive video st...
Improving fairness, efficiency, and stability in http based adaptive video st...Papitha Velumani
 
Hybrid attribute and re-encryption-based key management for secure and scala...
Hybrid attribute and re-encryption-based key management for secure and scala...Hybrid attribute and re-encryption-based key management for secure and scala...
Hybrid attribute and re-encryption-based key management for secure and scala...Papitha Velumani
 

Más de Papitha Velumani (20)

2015 - 2016 IEEE Project Titles and abstracts in Java
2015 - 2016 IEEE Project Titles and abstracts in Java2015 - 2016 IEEE Project Titles and abstracts in Java
2015 - 2016 IEEE Project Titles and abstracts in Java
 
2015 - 2016 IEEE Project Titles and abstracts in Android
2015 - 2016 IEEE Project Titles and abstracts in Android 2015 - 2016 IEEE Project Titles and abstracts in Android
2015 - 2016 IEEE Project Titles and abstracts in Android
 
2015 - 2016 IEEE Project Titles and abstracts in Dotnet
2015 - 2016 IEEE Project Titles and abstracts in Dotnet 2015 - 2016 IEEE Project Titles and abstracts in Dotnet
2015 - 2016 IEEE Project Titles and abstracts in Dotnet
 
Trajectory improves data delivery in urban vehicular networks
Trajectory improves data delivery in urban vehicular networks Trajectory improves data delivery in urban vehicular networks
Trajectory improves data delivery in urban vehicular networks
 
Tracon interference aware scheduling for data-intensive applications in virtu...
Tracon interference aware scheduling for data-intensive applications in virtu...Tracon interference aware scheduling for data-intensive applications in virtu...
Tracon interference aware scheduling for data-intensive applications in virtu...
 
Supporting privacy protection in personalized web search
Supporting privacy protection in personalized web searchSupporting privacy protection in personalized web search
Supporting privacy protection in personalized web search
 
Stochastic bandwidth estimation in networks with random service
Stochastic bandwidth estimation in networks with random serviceStochastic bandwidth estimation in networks with random service
Stochastic bandwidth estimation in networks with random service
 
Sos a distributed mobile q&a system based on social networks
Sos a distributed mobile q&a system based on social networksSos a distributed mobile q&a system based on social networks
Sos a distributed mobile q&a system based on social networks
 
Security evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attack Security evaluation of pattern classifiers under attack
Security evaluation of pattern classifiers under attack
 
Real time misbehavior detection in ieee 802.11-based wireless networks an ana...
Real time misbehavior detection in ieee 802.11-based wireless networks an ana...Real time misbehavior detection in ieee 802.11-based wireless networks an ana...
Real time misbehavior detection in ieee 802.11-based wireless networks an ana...
 
Probabilistic consolidation of virtual machines in self organizing cloud data...
Probabilistic consolidation of virtual machines in self organizing cloud data...Probabilistic consolidation of virtual machines in self organizing cloud data...
Probabilistic consolidation of virtual machines in self organizing cloud data...
 
Privacy preserving multi-keyword ranked search over encrypted cloud data
Privacy preserving multi-keyword ranked search over encrypted cloud dataPrivacy preserving multi-keyword ranked search over encrypted cloud data
Privacy preserving multi-keyword ranked search over encrypted cloud data
 
Privacy preserving and content-protecting location based queries
Privacy preserving and content-protecting location based queriesPrivacy preserving and content-protecting location based queries
Privacy preserving and content-protecting location based queries
 
Pack prediction based cloud bandwidth and cost reduction system
Pack prediction based cloud bandwidth and cost reduction systemPack prediction based cloud bandwidth and cost reduction system
Pack prediction based cloud bandwidth and cost reduction system
 
Occt a one class clustering tree for implementing one-to-man data linkage
Occt a one class clustering tree for implementing one-to-man data linkageOcct a one class clustering tree for implementing one-to-man data linkage
Occt a one class clustering tree for implementing one-to-man data linkage
 
Leveraging social networks for p2p content based file sharing in disconnected...
Leveraging social networks for p2p content based file sharing in disconnected...Leveraging social networks for p2p content based file sharing in disconnected...
Leveraging social networks for p2p content based file sharing in disconnected...
 
LDBP: localized boundary detection and parametrization for 3 d sensor networks
LDBP: localized boundary detection and parametrization for 3 d sensor networksLDBP: localized boundary detection and parametrization for 3 d sensor networks
LDBP: localized boundary detection and parametrization for 3 d sensor networks
 
Integrity for join queries in the cloud
Integrity for join queries in the cloudIntegrity for join queries in the cloud
Integrity for join queries in the cloud
 
Improving fairness, efficiency, and stability in http based adaptive video st...
Improving fairness, efficiency, and stability in http based adaptive video st...Improving fairness, efficiency, and stability in http based adaptive video st...
Improving fairness, efficiency, and stability in http based adaptive video st...
 
Hybrid attribute and re-encryption-based key management for secure and scala...
Hybrid attribute and re-encryption-based key management for secure and scala...Hybrid attribute and re-encryption-based key management for secure and scala...
Hybrid attribute and re-encryption-based key management for secure and scala...
 

Último

Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhikauryashika82
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.pptRamjanShidvankar
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfciinovamais
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAssociation for Project Management
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeThiyagu K
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17Celine George
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfAdmir Softic
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxVishalSingh1417
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterMateoGardella
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.MateoGardella
 

Último (20)

Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in DelhiRussian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
Russian Escort Service in Delhi 11k Hotel Foreigner Russian Call Girls in Delhi
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Activity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdfActivity 01 - Artificial Culture (1).pdf
Activity 01 - Artificial Culture (1).pdf
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activity
 
APM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across SectorsAPM Welcome, APM North West Network Conference, Synergies Across Sectors
APM Welcome, APM North West Network Conference, Synergies Across Sectors
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
Measures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and ModeMeasures of Central Tendency: Mean, Median and Mode
Measures of Central Tendency: Mean, Median and Mode
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1Código Creativo y Arte de Software | Unidad 1
Código Creativo y Arte de Software | Unidad 1
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
Key note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdfKey note speaker Neum_Admir Softic_ENG.pdf
Key note speaker Neum_Admir Softic_ENG.pdf
 
Unit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptxUnit-IV- Pharma. Marketing Channels.pptx
Unit-IV- Pharma. Marketing Channels.pptx
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptxINDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
 
Gardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch LetterGardella_PRCampaignConclusion Pitch Letter
Gardella_PRCampaignConclusion Pitch Letter
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.Gardella_Mateo_IntellectualProperty.pdf.
Gardella_Mateo_IntellectualProperty.pdf.
 

Analysis of field data on web security vulnerabilities

  • 1. ANALYSIS OF FIELD DATA ON WEB SECURITY VULNERABILITIES ABSTRACT: Most web applications have critical bugs (faults) affecting their security, which makes them vulnerable to attacks by hackers and organized crime. To prevent these security problems from occurring it is of utmost importance to understand the typical software faults. This paper contributes to this body of knowledge by presenting a field study on two of the most widely spread and critical web application vulnerabilities: SQL Injection and XSS. It analyzes the source code of security patches of widely used web applications written in weak and strong typed languages. Results show that only a small subset of software fault types, affecting a restricted collection of statements, is related to security. To understand how these vulnerabilities are really exploited by hackers, this paper also presents an analysis of the source code of the scripts used to attack them. The outcomes of this study can be used to train
  • 2. software developers and code inspectors in the detection of such faults and are also the foundation for the research of realistic vulnerability and attack injectors that can be used to assess security mechanisms, such as intrusion detection systems, vulnerability scanners, and static code analyzers. EXISTING SYSTEM: The security of web applications becomes a major concern and it is receiving more and more attention from governments, corporations, and the research community. Attackers also followed the move to the web and as such more than half of current computer security threats and vulnerabilities affect web applications. Not surprisingly, the number of reported attacks that exploit web application vulnerabilities is increasing. In fact, numerous data breach attacks are frequently reported due to web application security problems. Given the preponderant role of web applications in many organizations, one can realize the importance of finding ways to reduce the number of vulnerabilities. This can be helped with a deeper knowledge on
  • 3. software faults behind such vulnerabilities; however, this is a vast field and there is still a lot of work to be done. DISADVANTAGES OF EXISTING SYSTEM:  It is vulnerable to attacks. Attackers also followed the move to the web and as such more than half of current computer security threats and vulnerabilities affect web applications. PROPOSED SYSTEM: This paper contributes to fill this gap by presenting a study on characteristics of source code defects generating major web application vulnerabilities. The main research goal is to understand the typical software faults that are behind the majority of web application vulnerabilities, taking into account different programming languages. To understand the relevance these kinds of vulnerabilities for the attackers, the paper also analyzes the code used to exploit them. The proposed methodology allows gathering the information on common
  • 4. mistakes that developers should avoid. This knowledge is helpful for training, and it is crucial for the specification of guidelines for security code reviewers, for the evaluation of penetration testing tools, as well as for the creation of safer internal policies for programming practices, among others. It can also be used to build a realistic attack injector. In our study, we observed that not every vulnerability is equally important for an attacker, and when not all vulnerabilities can be fixed in due time, these data may be used to select those that should be addressed first. ADVANTAGES OF PROPOSED SYSTEM: Its underlying idea is that knowing the root cause of software defects helps removing their source. Each patch was inspected in depth to gather the precise characteristics of the code that was responsible for the security problem and classified them according to an adaptation of the orthogonal defect classification.
  • 5. SYSTEM CONFIGURATION:- HARDWARE REQUIREMENTS:- Processor - Pentium –IV Speed - 1.1 Ghz RAM - 512 MB(min) Hard Disk - 40 GB Key Board - Standard Windows Keyboard Mouse - Two or Three Button Mouse Monitor - LCD/LED SOFTWARE REQUIREMENTS: Operating system : Windows XP. Coding Language : JAVA Data Base : MySQL Tool : Netbeans.
  • 6. REFERENCE: Jose´ Fonseca, Nuno Seixas, Marco Vieira, and Henrique Madeira, “Analysis of Field Data on Web Security Vulnerabilities” IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 11, NO. 2, MARCH/APRIL 2014.
  • 7. REFERENCE: Jose´ Fonseca, Nuno Seixas, Marco Vieira, and Henrique Madeira, “Analysis of Field Data on Web Security Vulnerabilities” IEEE TRANSACTIONS ON DEPENDABLE AND SECURE COMPUTING, VOL. 11, NO. 2, MARCH/APRIL 2014.