Application Security


The Experts below are selected from a list of 185178 Experts worldwide ranked by ideXlab platform

Sajjad Rafique - One of the best experts on this subject based on the ideXlab platform.

  • Systematic Review of Web Application Security Vulnerabilities Detection Methods
    Journal of Computational Chemistry, 2015
    Co-Authors: Sajjad Rafique, Ansar Abbas, Mamoona Humayun, Hasan Javed
    Abstract:

    In recent years, web security has been viewed in the context of securing the web application layer from attacks by unauthorized users. The vulnerabilities existing in the web application layer have been attributed either to using an inappropriate software development model to guide the development process, or to using a software development model that does not consider security as a key factor. Therefore, this systematic literature review is conducted to investigate the various security vulnerabilities affecting the web application layer, the security approaches or techniques used to address them, the stages of software development in which those approaches or techniques are emphasized, and the tools and mechanisms used to detect vulnerabilities. The study extracted 519 publications from respectable scientific sources, namely the IEEE Computer Society, ACM Digital Library, Science Direct and Springer Link. After a detailed review process, only 56 key primary studies were considered for this review based on defined inclusion and exclusion criteria. From the review, it appears that no single software product is regarded as a standard or preferred product for web application development. In our SLR, we have performed a deep analysis of web application security vulnerability detection methods, which helps us to identify the scope of the SLR for comprehensive investigation in future research. Further, considering the OWASP Top 10 web application vulnerabilities published in 2012, this SLR attempts to categorize the accessible vulnerabilities. OWASP is a major source for constructing and validating web security processes and standards.

  • Web Application Security Vulnerabilities Detection Approaches: A Systematic Mapping Study
    Software Engineering Artificial Intelligence Networking and Parallel Distributed Computing, 2015
    Co-Authors: Sajjad Rafique, Ansar Abbas, Muhammad Wasim Akhtar, Bushra Hamid, Mamoona Humayun, Kamil Iqbal
    Abstract:

    The number of security vulnerabilities in web applications has grown with the tremendous growth of web applications over the last two decades. As the domain of web applications matures, a large number of empirical studies have been reported that address the problem of vulnerable web applications. However, before advancing towards finding new approaches to web application security vulnerability detection, there is a need to analyze and synthesize the existing evidence-based studies in the web application area. To do this, we have conducted a systematic mapping study to view and report the state of the art of empirical work in existing web application research. In this paper, we aim to provide a description of a mapping study for synthesizing the reported empirical research in the area of web application security vulnerability detection approaches. The proposed solutions are mapped against: (1) the software development stages for which the solution has been proposed, and (2) the web application vulnerabilities, categorized according to the OWASP Top 10 security vulnerabilities. To do this, the existing literature has been surveyed using a systematic mapping study guided by two research questions. In the mapping study, a total of 41 studies dating from 1994 to 2014 were evaluated and mapped against the aforementioned categories. The outcome of this mapping study is the current state of the art of empirical research in the web application area, the strengths and weaknesses of existing empirical work, best practices, and possible directions for future research.

Hasan Javed - One of the best experts on this subject based on the ideXlab platform.

  • Systematic Review of Web Application Security Vulnerabilities Detection Methods
    Journal of Computational Chemistry, 2015
    Co-Authors: Sajjad Rafique, Ansar Abbas, Mamoona Humayun, Hasan Javed
    Abstract: as listed above under Sajjad Rafique.

Bill Rogers - One of the best experts on this subject based on the ideXlab platform.

  • Finding a Safe Port: Cyber Security Analysis for Open Source Digital Library Software
    ACM IEEE Joint Conference on Digital Libraries, 2020
    Co-Authors: Alex Tudu, David Bainbridge, Bill Rogers
    Abstract:

    This article presents the results of an investigation into how safe, from a cyber-security standpoint, our open source digital library (DL) systems are. The fact that these systems use open source software presents particular challenges for securely running a web-based digital repository, as a malicious user has the added advantage of being able to study the system's source code to establish new attack vectors, in addition to the many well-documented black-box forms of web hacking. To scope the work reported here, we focused on two widely used digital library systems, DSpace and Greenstone, undertaking both Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), in addition to more traditional port scans. We summarize the deficiencies found and detail how to improve both systems to make them more secure. We conclude by reflecting more broadly on the kinds of security concerns found, to help inform the future development of DL software architectures.

Ferda Ozdemir Sonmez - One of the best experts on this subject based on the ideXlab platform.

  • Holistic Web Application Security Visualization for Multi-Project and Multi-Phase Dynamic Application Security Test Results
    IEEE Access, 2021
    Co-Authors: Ferda Ozdemir Sonmez, Banu Günel Kiliç
    Abstract:

    As the number of web applications, and the corresponding number and sophistication of threats, increase, creating new tools that are efficient and accessible becomes essential. Although there is much research concentrating on network security visualizations, only a few studies consider possible visualization options for web application vulnerabilities. Consequently, to fill this gap, this research centers on a novel perception configuration to improve web application vulnerability monitoring. This study forms a generic data structure based on data sources that can be readily associated and are commonly available for the majority of web applications. The primary contribution of this study is a new dashboard tool for visualizing dynamic application security test results. Another contribution is the set of metrics/measures that the tool presents. The paper also describes a validation study in which participants answered quiz questions after using the tool prototype. For the case study, sample data was generated using the OWASP ZAP scanner tool, and a prototype was implemented for validation purposes. This study allows the investigation of fifty metrics/measures for a multi-project/multi-phase environment, whose benefits are greatest when the user aims to monitor a series of analysis results, and the changes between them, for more than one web project.

  • Security Qualitative Metrics for Open Web Application Security Project Compliance
    Procedia Computer Science, 2019
    Co-Authors: Ferda Ozdemir Sonmez
    Abstract:

    The focus of this study is to find repeatable features for the large-scale enterprise web application production process, based on the OWASP security requirement list. As a result of rigorous work, including domain analysis for the Java language and its development frameworks and the examination of a large set of technical documents, 230 security qualitative metrics are identified, under six categories. These security qualitative metrics are beneficial for security analysts as well as other parties such as designers, developers, and testers. The findings provide a developer/designer point of view and would help to make better decisions related to environment setup, technology selection, and architecture, design, and implementation details. As a result of this effort, the overall vulnerability level of web applications would diminish significantly.

Chung Hung Tsai - One of the best experts on this subject based on the ideXlab platform.

  • A Testing Framework for Web Application Security Assessment
    Computer Networks, 2005
    Co-Authors: Yao-wen Huang, Tsung-po Lin, Shih-kun Huang, Chung Hung Tsai, D T Lee, Syyen Kuo
    Abstract:

    The rapid development phases and extremely short turnaround time of web applications make it difficult to eliminate their vulnerabilities. Here we study how software testing techniques such as fault injection and runtime monitoring can be applied to web applications. We implemented our proposed mechanisms in the Web Application Vulnerability and Error Scanner (WAVES), a black-box testing framework for automated web application security assessment. Real-world situations are used to test WAVES and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing web application security.

  • Web Application Security assessment by fault injection and behavior monitoring
    Proceedings of the World Wide Web Conference (WWW), 2003
    Co-Authors: Yao-wen Huang, Tsung-po Lin, Shih-kun Huang, Chung Hung Tsai
    Abstract:

    As a large and complex application platform, the World Wide Web is capable of delivering a broad range of sophisticated applications. However, many web applications go through rapid development phases with extremely short turnaround times, making it difficult to eliminate vulnerabilities. Here we analyze the design of web application security assessment mechanisms in order to identify poor coding practices that render web applications vulnerable to attacks such as SQL injection and cross-site scripting. We describe the use of a number of software-testing techniques (including dynamic analysis, black-box testing, fault injection, and behavior monitoring), and suggest mechanisms for applying these techniques to web applications. Real-world situations are used to test a tool we named the Web Application Vulnerability and Error Scanner (WAVES, an open-source project available at http://waves.sourceforge.net) and to compare it with other tools. Our results show that WAVES is a feasible platform for assessing web application security.