New threats and attacks on the World Wide Web

Mannheim Univ.
IEEE Security and Privacy Magazine (Impact Factor: 0.96). 04/2006; DOI: 10.1109/MSP.2006.46
Source: IEEE Xplore

ABSTRACT: Ten years ago, very few networks had a firewall; today, they're ubiquitous. The newest target is the workstation: client-side attacks have increased because direct attacks on servers aren't so easy any more. Moreover, as new defenses are raised, information flows are increasingly embedded into Web applications, making them extremely valuable as well, and, thus, the next target. This article describes some of these new threats.

  • ABSTRACT: Web applications and server environments hosting them rely on configuration settings that influence their security, usability, and performance. Misconfiguration results in severe security vulnerabilities. Recent trends show that misconfiguration is among the top critical risks in web applications. While effective at uncovering numerous classes of vulnerabilities, generic web application vulnerability scanners are limited in identifying configuration vulnerabilities. In this paper, we present an approach that effectively combines hierarchical configuration scanning and preliminary source code analysis of web applications to pinpoint potential configuration vulnerabilities, quantify the degree of severity based on standard metrics, and facilitate fixing of vulnerabilities found therein. We implemented our approach in a tool called Confeagle and evaluated it on 14 widely deployed PHP web applications. Unlike generic web vulnerability scanners, on the subject applications, Confeagle detected potential configuration vulnerabilities that could result in information disclosure, denial-of-service, and session hijacking attacks on the applications.
    Software Security and Reliability (SERE), 2013 IEEE 7th International Conference on; 01/2013
  • ABSTRACT: The worldwide demand for Advanced Meter Infrastructure is growing. Smart Meter manufacturers and electric utilities have to rely on third party developers to realize the promised potentials of Smart Grid. Smart Meters come with wireless communication capabilities and they are manufactured according to international standards. Third party application developers must understand the details of meter interval data storage formats and used wireless communication technologies before integrating Smart Meters into localized controllers for peak shaving applications. This paper outlines how to develop interface hardware using minimum understanding of AMI to utilize existing and future appliances and other electrical apparatus in HANs and other DSM schemes.
    Innovative Smart Grid Technologies - Asia (ISGT Asia), 2012 IEEE; 01/2012