Refereed paper: A new taxonomy of Web attacks suitable for efficient encoding

Authors: Gonzalo Álvarez, Slobodan Petrović

DOI: 10.1016/S0167-4048(03)00512-1

Keywords: Information system; Taxonomy (general); Source code; The Internet; Protocol (object-oriented programming); Computer science; Intrusion detection system; Computer security; Encoding (memory); World Wide Web; Web server

Abstract: Web attacks, i.e. attacks exclusively using the HTTP/HTTPS protocol, are rapidly becoming one of the fundamental threats for information systems connected to the Internet. When the attacks suffered by servers through the years are analyzed, it is observed that most of them are very similar, using a reduced number of attacking techniques. It is generally agreed that classification can help designers and programmers to better understand attacks and build more secure applications. As an effort in this direction, a new taxonomy is proposed in this paper, with the objective of obtaining a useful reference framework for security. The use of the taxonomy is illustrated by means of multiplatform real world attack examples. Along with the taxonomy, important features of each category are discussed. A semantic-dependent encoding scheme is also defined that, together with the taxonomy, can be used to process attacks with low time and memory consumption. Applications are described, such as intrusion detection systems and application firewalls.

References (27)
Daniel Lowry Lough, Nathaniel J. Davis, A taxonomy of computer attacks with applications to wireless networks, Virginia Polytechnic Institute and State University (2001)
Mike Shema, David Wong, Joel Scambray, Hacking Exposed Web Applications: Web Application Security Secrets & Solutions, Osborne/McGraw-Hill (2002)
Norman Abramson, Information theory and coding (1963)
Elizabeth D. Zwicky, D. Brent Chapman, Simon Cooper, Building Internet firewalls (2nd ed.), O'Reilly & Associates, Inc. (2000)
Mike Shema, Joel Scambray, Hacking exposed Web applications, McGraw-Hill/Osborne (2002)
Michael Purser, Secure Data Networking (1993)
David Leblanc, Brian Valentine, Michael Howard, Writing Secure Code (2001)
John D. Howard, Thomas A Longstaff, A common language for computer security incidents, United States. National Technical Information Service (1998), DOI: 10.2172/751004