
Evaluation of Web Security Mechanisms Using Vait

Publication Date : 31/03/2015



Author(s) :

Anantharaman R , Hariharan M , Mohammed Ansar Ali M.A.


Volume/Issue :
Volume 2, Issue 3 (03 - 2015)



Abstract :

This research proposes a methodology and a prototype tool to assess web application security mechanisms. The methodology is based on the idea that injecting realistic vulnerabilities into a web application and attacking them automatically can support the assessment of existing security mechanisms and tools in custom setup scenarios. To offer true-to-life results, the proposed vulnerability and attack injection approaches rely on the study of a large number of vulnerabilities in real web applications. In addition to the generic approaches, the manuscript describes the implementation of the Vulnerability & Attack Injector Tool (VAIT), which allows the automation of the complete process. We used this tool to run a set of experiments that demonstrate the feasibility and the efficiency of the proposed approaches. The experiments comprise the assessment of coverage and false positives of an intrusion detection system for SQL Injection attacks and the assessment of the effectiveness of two top commercial web application vulnerability scanners. Results show that the injection of vulnerabilities and attacks is an effective way to assess security mechanisms and to point out not only their weaknesses but also ways to improve them.


No. of Downloads :

91



Evaluation of Web Security Mechanisms Using Vait

March 24, 2015