Effective filter for common injection attacks in online web applications
Autor:
Ibarra-Fiallos, Santiago
; Bermejo-Higuera, Javier
; Intriago-Pazmiño, Monserrate
; Bermejo Higuera, Juan Ramón
; Sicilia, Juan Antonio
; Cubo Villalba, Javier
Fecha:
2021Palabra clave:
Revista / editorial:
IEEE AccessTipo de Ítem:
Articulo Revista IndexadaDirección web:
https://ieeexplore.ieee.org/document/9319139Resumen:
Injection attacks against web applications are still frequent, and organizations like OWASP places them within the Top Ten of security risks to web applications. The main goal of this work is to contribute to the community with the design of an effective protection of web applications against common injection attacks. Our proposal is a validation filter of input fields that is based on OWASP Stinger, a set of regular expressions, and a sanitization process. It validates both fundamental characters (letters, numbers, dot, dash, question marks, and exclamation point) and complex statements (JSON and XML files) for each field. The procedure of deploying the proposed filter is detailed, specifying the sections and contents of the configuration file. In addition, the infrastructure for running the tests is described, including the setting of an attack tool, and the implementation of a controller. The attack tool is used as a security scanner for common injection attacks, and the controller is developed for routing the requests in two steps; first a request is addressed to the filter, and if it is valid, it will redirect to the web application itself. The proposal filter has been tested on three public as well as on a real private web application. An accuracy of 98,4% and an average processing time of 50 ms are achieved, based on wich it is possible to conclude the proposed filter is highly reliable and does not require additional computational resources.
Este ítem aparece en la(s) siguiente(s) colección(es)
Estadísticas de uso
Año |
2012 |
2013 |
2014 |
2015 |
2016 |
2017 |
2018 |
2019 |
2020 |
2021 |
2022 |
2023 |
2024 |
Vistas |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
44 |
44 |
51 |
86 |
Descargas |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
0 |
Ítems relacionados
Mostrando ítems relacionados por Título, autor o materia.
-
Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities
Bermejo Higuera, Juan Ramón ; Bermejo-Higuera, Javier ; Sicilia, Juan Antonio ; Cubo Villalba, Javier ; Nombela Pérez, Juan José (CMC-Computers Materials & Continua, 2020)To detect security vulnerabilities in a web application, the security analyst must choose the best performance Security Analysis Static Tool (SAST) in terms of discovering the greatest number of security vulnerabilities ... -
Systematic Approach to Malware Analysis (SAMA)
Bermejo-Higuera, Javier; Abad-Aramburu, Carlos; Bermejo Higuera, Juan Ramón; Sicilia Urban, Miguel Ángel; Sicilia, Juan Antonio (Applied Sciences, 02/2020)Malware threats pose new challenges to analytic and reverse engineering tasks. It is needed for a systematic approach to that analysis, in an attempt to fully uncover their underlying attack vectors and techniques and find ... -
MMALE a methodology for malware analysis in linux environments
de Vicente Mohino, José Javier ; Bermejo-Higuera, Javier; Bermejo Higuera, Juan Ramón; Sicilia, Juan Antonio ; Sánchez Rubio, Manuel ; Martínez Herraiz, José-Javier (Computers, materials and continua, 2021)In a computer environment, an operating systemis prone to malware, and even the Linux operating system is not an exception. In recent years, malware has evolved, and attackers have becomemore qualified compared to a fewyears ...