Article

Early Detection of Security Misconfiguration Vulnerabilities in Web Applications

Authors:

Birhanu Eshete,

Adolfo Villafiorita,

Komminist WeldemariamAuthors Info & Claims

ARES '11: Proceedings of the 2011 Sixth International Conference on Availability, Reliability and Security

Pages 169 - 174

https://doi.org/10.1109/ARES.2011.31

Published: 22 August 2011 Publication History

Abstract

This paper presents a web-based tool to supplement defense against security misconfiguration vulnerabilities in web applications. The tool automatically audits security configuration settings of server environments in web application development and deployment. It also offers features to automatically adjust security configuration settings and quantitatively rates level of safety for server environments before deploying web applications. Using the tool, we were able to evaluate eleven server packages for Apache, PHP and MySQL across three operating system platforms. Our evaluation revealed that the tool is able to audit current security configuration settings and alert users to fix the server environment to achieve the level of safety of security configuration with respect to recommended configurations for real-life web application deployment.

Cited By

View all

Chughtai MBibi IKarim SShah SLaghari AKhan A(2024)Deep learning trends and future perspectives of web security and vulnerabilitiesJournal of High Speed Networks10.3233/JHS-23003730:1(115-146)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.3233/JHS-230037
Roy SSharmin NAcosta JKiekintveld CLaszka A(2022)Survey and Taxonomy of Adversarial Reconnaissance TechniquesACM Computing Surveys10.1145/353870455:6(1-38)Online publication date: 7-Dec-2022
https://dl.acm.org/doi/10.1145/3538704
Alves FMateus-Coelho NCruz-Cunha M(2022)ChevroCrypto – Cryptography APIProcedia Computer Science10.1016/j.procs.2022.08.014204:C(116-122)Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1016/j.procs.2022.08.014
Show More Cited By

Recommendations

Security Vulnerabilities in the Same-Origin Policy: Implications and Alternatives

The same-origin policy, a fundamental security mechanism within Web browsers, overly restricts Web application development while creating an ever-growing list of security holes, reinforcing the argument that the SOP is not an appropriate security model.
...
On Security Issues in Web Applications through Cross Site Scripting (XSS)
APSEC '13: Proceedings of the 2013 20th Asia-Pacific Software Engineering Conference (APSEC) - Volume 01

Web applications have become a very popular means of developing software. This is because of many advantages of web applications like no need of installation on each client machine, centralized data, reduction in business cost etc. With the increase in ...
An empirical investigation into open source web applications' implementation vulnerabilities

Current web applications have many inherent vulnerabilities; in fact, in 2008, over 63% of all documented vulnerabilities are for web applications. While many approaches have been proposed to address various web application vulnerability issues, there ...

Comments

Information & Contributors

Information

Published In

ARES '11: Proceedings of the 2011 Sixth International Conference on Availability, Reliability and Security

August 2011

772 pages

ISBN:9780769544854

Publisher

IEEE Computer Society

United States

Publication History

Published: 22 August 2011

Author Tags

Qualifiers

Article

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
0
Total Downloads

Downloads (Last 12 months)0
Downloads (Last 6 weeks)0

Reflects downloads up to 23 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Chughtai MBibi IKarim SShah SLaghari AKhan A(2024)Deep learning trends and future perspectives of web security and vulnerabilitiesJournal of High Speed Networks10.3233/JHS-23003730:1(115-146)Online publication date: 1-Jan-2024
https://dl.acm.org/doi/10.3233/JHS-230037
Roy SSharmin NAcosta JKiekintveld CLaszka A(2022)Survey and Taxonomy of Adversarial Reconnaissance TechniquesACM Computing Surveys10.1145/353870455:6(1-38)Online publication date: 7-Dec-2022
https://dl.acm.org/doi/10.1145/3538704
Alves FMateus-Coelho NCruz-Cunha M(2022)ChevroCrypto – Cryptography APIProcedia Computer Science10.1016/j.procs.2022.08.014204:C(116-122)Online publication date: 1-Jan-2022
https://dl.acm.org/doi/10.1016/j.procs.2022.08.014
Ferrari DCarminati MPolino MZanero S(2020)NoSQL Breakdown: A Large-scale Analysis of Misconfigured NoSQL ServicesProceedings of the 36th Annual Computer Security Applications Conference10.1145/3427228.3427260(567-581)Online publication date: 7-Dec-2020
https://dl.acm.org/doi/10.1145/3427228.3427260
Continella APolino MPogliani MZanero S(2018)There's a Hole in that Bucket!Proceedings of the 34th Annual Computer Security Applications Conference10.1145/3274694.3274736(702-711)Online publication date: 3-Dec-2018
https://dl.acm.org/doi/10.1145/3274694.3274736
Gupta SGupta B(2017)Detection, Avoidance, and Attack Pattern Mechanisms in Modern Web Application VulnerabilitiesInternational Journal of Cloud Applications and Computing10.4018/IJCAC.20170701017:3(1-43)Online publication date: 1-Jul-2017
https://dl.acm.org/doi/10.4018/IJCAC.2017070101
Costin AZaddach JFrancillon ABalzarotti DFu K(2014)A large-scale analysis of the security of embedded firmwaresProceedings of the 23rd USENIX conference on Security Symposium10.5555/2671225.2671232(95-110)Online publication date: 20-Aug-2014
https://dl.acm.org/doi/10.5555/2671225.2671232

Abstract

Cited By

Recommendations

Security Vulnerabilities in the Same-Origin Policy: Implications and Alternatives

On Security Issues in Web Applications through Cross Site Scripting (XSS)

An empirical investigation into open source web applications' implementation vulnerabilities

Comments

Information

Published In

Publisher

Publication History

Author Tags

Qualifiers

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

View options

Share

Share this Publication link

Share on social media

Affiliations