Vulnerability Scanning

The Experts below are selected from a list of 1026 Experts worldwide ranked by ideXlab platform

Henrique Madeira - One of the best experts on this subject based on the ideXlab platform.

  • PRDC - Testing and Comparing Web Vulnerability Scanning Tools for SQL Injection and XSS Attacks
    13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007), 2007
    Co-Authors: Jose Fonseca, Marco Vieira, Henrique Madeira
    Abstract:

    Web applications are typically developed with hard time constraints and are often deployed with security vulnerabilities. Automatic web vulnerability scanners can help to locate these vulnerabilities and are popular tools among developers of web applications. Their purpose is to stress the application from the attacker's point of view by issuing a huge amount of interaction within it. Two of the most widely spread and dangerous vulnerabilities in web applications are SQL injection and cross site scripting (XSS), because of the damage they may cause to the victim business. Trusting the results of web vulnerability scanning tools is of utmost importance. Without a clear idea on the coverage and false positive rate of these tools, it is difficult to judge the relevance of the results they provide. Furthermore, it is difficult, if not impossible, to compare key figures of merit of web vulnerability scanners. In this paper we propose a method to evaluate and benchmark automatic web vulnerability scanners using software fault injection techniques. The most common types of software faults are injected in the web application code which is then checked by the scanners. The results are compared by analyzing coverage of vulnerability detection and false positives. Three leading commercial scanning tools are evaluated and the results show that in general the coverage is low and the percentage of false positives is very high.

Douglas S. Reeves - One of the best experts on this subject based on the ideXlab platform.

  • ACSAC - Reasoning about complementary intrusion evidence
    20th Annual Computer Security Applications Conference, 2004
    Co-Authors: Y. Zhai, Peng Ning, P. Iyer, Douglas S. Reeves
    Abstract:

    This paper presents techniques to integrate and reason about complementary intrusion evidence such as alerts generated by intrusion detection systems (IDSs) and reports by system monitoring or vulnerability scanning tools. To facilitate the modeling of intrusion evidence, this paper classifies intrusion evidence into either event-based evidence or state-based evidence. Event-based evidence refers to observations (or detections) of intrusive actions (e.g., IDS alerts), while state-based evidence refers to observations of the effects of intrusions on system states. Based on the interdependency between event-based and state-based evidence, this paper develops techniques to automatically integrate complementary evidence into Bayesian networks, and reason about uncertain or unknown intrusion evidence based on verified evidence. The experimental results in this paper demonstrate the potential of the proposed techniques. In particular, additional observations by system monitoring or vulnerability scanning tools can potentially reduce the false alert rate and increase the confidence in alerts corresponding to successful attacks.

Jose Fonseca - One of the best experts on this subject based on the ideXlab platform.

  • PRDC - Testing and Comparing Web Vulnerability Scanning Tools for SQL Injection and XSS Attacks
    13th Pacific Rim International Symposium on Dependable Computing (PRDC 2007), 2007
    Co-Authors: Jose Fonseca, Marco Vieira, Henrique Madeira
    Abstract:

    Web applications are typically developed with hard time constraints and are often deployed with security vulnerabilities. Automatic web vulnerability scanners can help to locate these vulnerabilities and are popular tools among developers of web applications. Their purpose is to stress the application from the attacker's point of view by issuing a huge amount of interaction within it. Two of the most widely spread and dangerous vulnerabilities in web applications are SQL injection and cross site scripting (XSS), because of the damage they may cause to the victim business. Trusting the results of web vulnerability scanning tools is of utmost importance. Without a clear idea on the coverage and false positive rate of these tools, it is difficult to judge the relevance of the results they provide. Furthermore, it is difficult, if not impossible, to compare key figures of merit of web vulnerability scanners. In this paper we propose a method to evaluate and benchmark automatic web vulnerability scanners using software fault injection techniques. The most common types of software faults are injected in the web application code which is then checked by the scanners. The results are compared by analyzing coverage of vulnerability detection and false positives. Three leading commercial scanning tools are evaluated and the results show that in general the coverage is low and the percentage of false positives is very high.

Y. Zhai - One of the best experts on this subject based on the ideXlab platform.

  • ACSAC - Reasoning about complementary intrusion evidence
    20th Annual Computer Security Applications Conference, 2004
    Co-Authors: Y. Zhai, Peng Ning, P. Iyer, Douglas S. Reeves
    Abstract:

    This paper presents techniques to integrate and reason about complementary intrusion evidence such as alerts generated by intrusion detection systems (IDSs) and reports by system monitoring or vulnerability scanning tools. To facilitate the modeling of intrusion evidence, this paper classifies intrusion evidence into either event-based evidence or state-based evidence. Event-based evidence refers to observations (or detections) of intrusive actions (e.g., IDS alerts), while state-based evidence refers to observations of the effects of intrusions on system states. Based on the interdependency between event-based and state-based evidence, this paper develops techniques to automatically integrate complementary evidence into Bayesian networks, and reason about uncertain or unknown intrusion evidence based on verified evidence. The experimental results in this paper demonstrate the potential of the proposed techniques. In particular, additional observations by system monitoring or vulnerability scanning tools can potentially reduce the false alert rate and increase the confidence in alerts corresponding to successful attacks.

Farnam Jahanian - One of the best experts on this subject based on the ideXlab platform.

  • RAID - CANVuS: context-aware network Vulnerability Scanning
    Lecture Notes in Computer Science, 2010
    Co-Authors: Yunjing Xu, Michael Bailey, Eric Vander Weele, Farnam Jahanian
    Abstract:

    Enterprise networks face a variety of threats including worms, viruses, and DDoS attacks. Development of effective defenses against these threats requires accurate inventories of network devices and the services they are running. Traditional vulnerability scanning systems meet these requirements by periodically probing target networks to discover hosts and the services they are running. This polling-based model of vulnerability scanning suffers from two problems that limit its effectiveness--wasted network resources and detection latency that leads to stale data. We argue that these limitations stem primarily from the use of time as the scanning decision variable. To mitigate these problems, we instead advocate for an event-driven approach that decides when to scan based on changes in the network context--an instantaneous view of the host and network state. In this paper, we propose an architecture for building network context for enterprise security applications by using existing passive data sources and common network formats. Using this architecture, we built CANVuS, a context-aware network vulnerability scanning system that triggers scanning operations based on changes indicated by network activities. Experimental results show that this approach outperforms the existing models in timeliness and consumes much fewer network resources.

  • CANVuS: Context-aware network Vulnerability Scanning
    Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics), 2010
    Co-Authors: Yunjing Xu, Eric Vander Weele, Michael Bailey, Farnam Jahanian
    Abstract:

    Enterprise networks face a variety of threats including worms, viruses, and DDoS attacks. Development of effective defenses against these threats requires accurate inventories of network devices and the services they are running. Traditional vulnerability scanning systems meet these requirements by periodically probing target networks to discover hosts and the services they are running. This polling-based model of vulnerability scanning suffers from two problems that limit its effectiveness--wasted network resources and detection latency that leads to stale data. We argue that these limitations stem primarily from the use of time as the scanning decision variable. To mitigate these problems, we instead advocate for an event-driven approach that decides when to scan based on changes in the network context--an instantaneous view of the host and network state. In this paper, we propose an architecture for building network context for enterprise security applications by using existing passive data sources and common network formats. Using this architecture, we built CANVuS, a context-aware network vulnerability scanning system that triggers scanning operations based on changes indicated by network activities. Experimental results show that this approach outperforms the existing models in timeliness and consumes much fewer network resources.