A Taxonomy of Web Security Vulnerabilities

Cited by: 5
Authors
Al-Kahla, Wafaa [1]
Shatnawi, Ahmed S. [2]
Taqieddin, Eyad [1]
Affiliations
[1] Jordan Univ Sci & Technol, Dept Network Engn Secur, Irbid, Jordan
[2] Jordan Univ Sci & Technol, Dept Software Engn, Irbid, Jordan
Source
2021 12TH INTERNATIONAL CONFERENCE ON INFORMATION AND COMMUNICATION SYSTEMS (ICICS) | 2021
Keywords
web security; XSS; static; dynamic analysis;
DOI
10.1109/ICICS52457.2021.9464576
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
The rapid evolution in web applications and software development has not witnessed a similar pace in development opposite what has taken place in the security and cybersecurity arenas. Web application security has become a significant issue since insecure applications and software undermine various areas including finance, health care, defense, and other mission-critical infrastructures. Web application vulnerability results from misconfiguration, flaws in the design, implementation, operation, or management at the different levels of a web application (input side, output side, or both sides). This taxonomy paper studies web vulnerabilities, their impact on users' infrastructures, and their detection tools (static, dynamic, or hybrid) and mitigation mechanisms at different software architecture levels.
Pages: 424 / 429
Number of pages: 6