A Design and Implementation of Profile Based Web Application Securing Proxy

  • Conference paper
Information Security Practice and Experience (ISPEC 2006)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 3903)

Abstract

Recently, security threats to web applications have been increasing rapidly, and open source web applications in particular are becoming a popular target of web server hacking. Moreover, there was a worm that spread via web application vulnerabilities. Web application attacks exploit vulnerabilities not in the web server itself but in structural, logical, and code errors. The majority of flaws in web applications are caused by the absence of user input validation. However, it is difficult to detect the variety of abnormal user inputs with a pattern matching method. In this paper, we propose a web application securing proxy based on profiling, where the profile is constructed by learning usual normal activity. The proposed proxy system can detect and filter out an attacker’s abnormal requests via an anomaly detection mechanism.

Copyright information

© 2006 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Yun, Y., Park, S., Kim, Y., Ryou, J. (2006). A Design and Implementation of Profile Based Web Application Securing Proxy. In: Chen, K., Deng, R., Lai, X., Zhou, J. (eds) Information Security Practice and Experience. ISPEC 2006. Lecture Notes in Computer Science, vol 3903. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11689522_23

  • DOI: https://doi.org/10.1007/11689522_23

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-33052-3

  • Online ISBN: 978-3-540-33058-5

  • eBook Packages: Computer Science, Computer Science (R0)