SecuriFly: Runtime Protection and Recovery from Web Application Security Vulnerabilities
Authors
Abstract
This report presents a runtime solution to a range of Web application security vulnerabilities. The solution we propose, called SecuriFly, consists of instrumenting the application to precisely track the flow of data. When a potential vulnerability is observed, the application is either terminated to prevent the vulnerability from being exploited, or special recovery code is executed and the application is allowed to continue running. We have used SecuriFly to harden and experiment with a range of large open-source benchmarks written in Java. The protection provided by SecuriFly was sufficient to protect against all exploits we were able to generate.
Similar sources
Exploring the Relationship Between Web Application Development Tools and Security
How should software engineers choose which tools to use to develop secure web applications? Different developers have different opinions regarding which language, framework, or vulnerability-finding tool tends to yield more secure software than another; some believe that there is no difference at all between such tools. This paper adds quantitative data to the discussion and debate. We use manu...
Web Application Security—Past, Present, and Future *
Web application security remains a major roadblock to universal acceptance of the Web for many kinds of online transactions, especially since the recent sharp increase in remotely exploitable vulnerabilities has been attributed to Web application bugs. In software engineering, software testing is an established and well-researched process for improving software quality. Recently formal verifica...
Eliminating SQL Injection and Cross Site Scripting Using Aspect Oriented Programming
Security vulnerabilities in the web applications that we use to shop, bank, and socialize online expose us to exploits that cost billions of dollars each year. This paper describes the design and implementation of AspectShield, a system designed to mitigate the most common web application vulnerabilities without requiring costly and potentially dangerous modifications to the source code of vuln...
Testing for Tautology based SQL Injection Attack using Runtime Monitors
Today, all commercial and business applications (ecommerce, banking, blogs, web mail, etc.,) are built as webbased database applications. Increasing prominence and usage of these applications has made them more susceptible to attacks because they store huge amount of sensitive user information. Traditional security mechanisms like network firewalls, intrusion detection systems, and use of encry...
Performance Evaluation of Web Application Security Scanners for Prevention and Protection against Vulnerabilities
With the increasing development of the Internet, web applications have become increasingly vulnerable and exposed to malicious attacks which affect essential properties such as confidentiality, integrity or availability of information systems. To deal with these malicious threats, web application developers and IT security administrators have used the web application vulnerabilities scanners (W...
Journal title:
Volume Issue
Pages -
Publication date 2006