Delamore, 2014 - Google Patents
An Extensible Web Application Vulnerability Assessment and Testing Framework
Delamore, 2014
- Document ID
- 8359338215396017204
- Author
- Delamore B
- Publication year
Snippet
The process of identifying vulnerabilities in web services plays an integral role in reducing risk to an organisation that seeks to protect their intellectual property and data. The process itself generally involves an automated scan that looks for software misconfigurations …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/552—Detecting local intrusion or implementing counter-measures involving long-term monitoring or reporting
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/554—Detecting local intrusion or implementing counter-measures involving event detection and direct action
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F21/6245—Protecting personal data, e.g. for financial or medical purposes
- G06F21/6263—Protecting personal data, e.g. for financial or medical purposes during internet communication, e.g. revealing personal data from cookies
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
Similar Documents
| Publication | Title | Publication Date |
|---|---|---|
| Nagpure et al. | Vulnerability assessment and penetration testing of web application | |
| US12267352B2 (en) | Rest API scanning for security testing | |
| Ravindran et al. | A Review on Web Application Vulnerability Assessment and Penetration Testing. | |
| Nagpal et al. | SECSIX: security engine for CSRF, SQL injection and XSS attacks | |
| Gandikota et al. | Web application security through comprehensive vulnerability assessment | |
| Sharif | Web attacks analysis and mitigation techniques | |
| Kollepalli et al. | An Experimental Study on Detecting and Mitigating Vulnerabilities in Web Applications. | |
| Bhalme et al. | Cyber attack detection and implementation of prevention methods for web application | |
| Cvitić et al. | Defining cross-site scripting attack resilience guidelines based on BeEF framework simulation | |
| Deshpande et al. | Major web application threats for data privacy & security–detection, analysis and mitigation strategies | |
| Avramescu et al. | Guidelines for discovering and improving application security | |
| Kaur et al. | Cross-site-scripting attacks and their prevention during development | |
| Kothawade et al. | Cloud Security: Penetration Testing of Application in Micro-service architecture and Vulnerability Assessment. | |
| Gautam et al. | Passwords Are Meant to Be Secret: A Practical Secure Password Entry Channel for Web Browsers | |
| Čović | Threats and Vulnerabilities in Web Applications and How to Avoid Them | |
| Laitinen | Vulnerabilities in the wild: Detecting vulnerable Web applications at scale | |
| MEHARU | WEB SECURITY VULNERABILITY ANALYSIS IN SELECTED ETHIOPIAN GOVERNMENTAL OFFICES (USING WHITE BOX AND BLACK BOX TESTING) | |
| Nunes | Blended security analysis for web applications: Techniques and tools | |
| Izagirre | Deception strategies for web application security: application-layer approaches and a testing platform | |
| Almi | Web Server Security and Survey on Web Application Security | |
| Delamore | An Extensible Web Application Vulnerability Assessment and Testing Framework | |
| Jyothi et al. | Vuln-Check: A Static Analyzer Framework for Security Parameters in Web | |
| tul Hassan | Analysis of vulnerabilities in system by penetration testing | |
| Häyrynen | Evaluation of state-of-the-art web application vulnerability scanners | |
| Alanda et al. | Cross-Site Scripting (XSS) Vulnerabilities in Modern Web Applications |