A Study of Gaps in Defensive Countermeasures for Web Security

Abstract

Web-based attacks are a prominent class of cyber attacks in today's networks. They are attacks that violate the security properties of web servers, web applications, web portals, web browsers, and web services. They can damage confidentiality, integrity, and availability of systems and networks and pose a significant threat to both systems connected to open, public networks (i.e., the Internet) and those that reside on closed, private networks. In their impact and sophistication, web-based attacks are on par with host-based attacks. Most web-based attacks are a form of the confused deputy problem in which one party is fooled about the identity or authority of another party. Virtually all web-based attacks are also a form of input validation problem where the target fails to properly check a potentially malicious, user-provided input.

Document Details

Document Type
Technical Report
Publication Date
Oct 18, 2015
Accession Number
AD1034023

Entities

People

  • Hamed Okhravi
  • Kevin Bauer
  • Shannon C. Roberts
  • Thomas R Hobson
  • William W. Streilein

Organizations

  • MIT Lincoln Laboratory

Tags

Communities of Interest

  • Cyber
  • Engineered Resilient Systems

DTIC Thesaurus Topics

  • Code Injection
  • Computer Access Control
  • Computer Programming
  • Computer Programs
  • Computers
  • Cyberattacks
  • Cybersecurity
  • Detection
  • Electronic Mail
  • Infrastructure
  • Internet
  • Network Architecture
  • Social Media
  • Social Networking Services
  • Web Applications
  • Web Browsers
  • Web Service

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Systems Analysis and Design

Technology Areas

  • Cyber