Web application protection techniques: A taxonomy
Prokhorenko et al., 2016
- Document ID
- 10487809675284406980
- Author
- Prokhorenko V
- Choo K
- Ashman H
- Publication year
- Publication venue
- Journal of Network and Computer Applications
Snippet
The growing popularity of web applications makes them an attractive target for malicious users. Large amounts of private data commonly processed and stored by web applications are a valuable asset for attackers, resulting in more sophisticated web-oriented attacks …
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/82—Protecting input, output or interconnection devices
- G06F21/83—Protecting input, output or interconnection devices input devices, e.g. keyboards, mice or controllers thereof
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/70—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer
- G06F21/71—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information
- G06F21/77—Protecting specific internal or peripheral components, in which the protection of a component leads to protection of the entire computer to assure secure computing or processing of information in smart cards
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/30—Authentication, i.e. establishing the identity or authorisation of security principals
- G06F21/31—User authentication
- G06F21/34—User authentication involving the use of external additional devices, e.g. dongles or smart cards
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1483—Countermeasures against malicious traffic service impersonation, e.g. phishing, pharming or web spoofing
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1441—Countermeasures against malicious traffic
- H04L63/1458—Denial of Service
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2119—Authenticating web pages, e.g. with suspicious links
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Similar Documents
Publication | Publication Date | Title |
---|---|---|
Prokhorenko et al. | | Web application protection techniques: A taxonomy |
US10592676B2 (en) | | Application security service |
Fredj et al. | | An OWASP top ten driven survey on web application protection methods |
Liu et al. | | A survey of exploitation and detection methods of XSS vulnerabilities |
Chang et al. | | Analyzing and defending against web-based malware |
Li et al. | | A survey on server-side approaches to securing web applications |
Li et al. | | A survey on web application security |
Nunan et al. | | Automatic classification of cross-site scripting in web pages using document-based and URL-based features |
Johari et al. | | A survey on web application vulnerabilities (SQLIA, XSS) exploitation and security engine for SQL injection |
Cova et al. | | Detection and analysis of drive-by-download attacks and malicious JavaScript code |
Pan et al. | | Cspautogen: Black-box enforcement of content security policy upon real-world websites |
Borgolte et al. | | Delta: automatic identification of unknown web-based infection campaigns |
Sasi et al. | | A comprehensive survey on IoT attacks: Taxonomy, detection mechanisms and challenges |
Zhang et al. | | Causality-based sensemaking of network traffic for android application security |
Wang et al. | | A combined static and dynamic analysis approach to detect malicious browser extensions |
Luh et al. | | AIDIS: Detecting and classifying anomalous behavior in ubiquitous kernel processes |
Chaudhary et al. | | Plague of cross-site scripting on web applications: a review, taxonomy and challenges |
Gupta et al. | | Evaluation and monitoring of XSS defensive solutions: a survey, open research issues and future directions |
Hannousse et al. | | Twenty-two years since revealing cross-site scripting attacks: a systematic mapping and a comprehensive survey |
Falana et al. | | Detection of cross-site scripting attacks using dynamic analysis and fuzzy inference system |
Fredj | | Spheres: an efficient server-side web application protection system |
Kaur et al. | | Defense against HTML5 XSS attack vectors: a nested context-aware sanitization technique |
Sharif | | Web attacks analysis and mitigation techniques |
Sundareswaran et al. | | XSS-Dec: A hybrid solution to mitigate cross-site scripting attacks |
Patil | | Request dependency integrity: validating web requests using dependencies in the browser environment |