New threats and attacks on the World Wide Web

Mannheim Univ.
IEEE Security and Privacy Magazine (Impact Factor: 0.73). 04/2006; 4(2):72 - 75. DOI: 10.1109/MSP.2006.46
Source: IEEE Xplore


Ten years ago, very few networks had a firewall; today, they're ubiquitous. The newest target is the workstation: client-side attacks have increased because direct attacks on servers aren't so easy any more. Moreover, as new defenses are raised, information flows are increasingly embedded into Web applications, making them extremely valuable as well, and, thus, the next target. This article describes some of these new threats.

  • Source
    ABSTRACT: This paper presents a web-based tool to supplement defense against security misconfiguration vulnerabilities in web applications. The tool automatically audits security configuration settings of server environments in web application development and deployment. It also offers features to automatically adjust security configuration settings and quantitatively rates level of safety for server environments before deploying web applications. Using the tool, we were able to evaluate eleven server packages for Apache, PHP and MySQL across three operating system platforms. Our evaluation revealed that the tool is able to audit current security configuration settings and alert users to fix the server environment to achieve the level of safety of security configuration with respect to recommended configurations for real-life web application deployment.
    Full-text · Conference Paper · Sep 2011
  • Source
    • "Deflecting direct web attacks requires that our framework is not vulnerable to buffer overflow or at least that the privileges gained in case of successful exploitation are limited. At the application level, the framework must be able to mitigate XSS [13], and SQL injection attacks [21]. "
    ABSTRACT: We address the challenge of building secure embedded web interfaces by proposing WebDroid: the first framework specifically dedicated to this purpose. Our design extends the Android Framework, and enables developers to create easily secure web interfaces for their applications. To motivate our work, we perform an in-depth study of the security of web interfaces embedded in consumer electronics devices, uncover significant vulnerabilities in all the devices examined, and categorize the vulnerabilities. We demonstrate how our framework's security mechanisms prevent embedded applications from suffering the vulnerabilities exposed by our audit. Finally we evaluate the efficiency of our framework in terms of performance and security.
    Preview · Article · Jan 2011
  • Source
    • "The Internet and the e-commerce are more and more popular in recent years. Researches on the network security technologies have become very important for both government organizations and business corporations [1]. "
    ABSTRACT: Due to the impact of the rapid popularization of Internet and e-commerce, most organizations and enterprises take great effort to protect their information systems against malicious attacks and invasions. The firewall is the most familiar method among relevant technologies for Internet security. However, the firewall systems in use today are either application software or utilities running on the personal computers or network nodes. It is very inconvenient to implement and manage the conventional firewalls. In order to make the management and construction of them easier without disrupting the existing network topology, we implement an embedded and distributed firewall system to safeguard the Internet. In this way, we combine the functions of the firewall and a central security policy server into an embedded system, which can be realized as a network interface card.
    Full-text · Article · Apr 2009