Network Monitoring for Web-Based Threats

Abstract

This report models the approach a focused attacker would take in order to breach an organization through web-based protocols and provides detection or prevention methods to counter that approach. It discusses the means an attacker takes to collect information about the organization's web presence. It also describes several threat types, including configuration management issues, authorization problems, data validation issues, session management issues, and cross-site attacks. Individual threats within each type are examined in detail, with examples (where applicable) and a potential network monitoring solution provided. For quick reference, the appendix includes all potential network monitoring solutions for the threats described in the report. Due to the ever-changing entity that is the web, the threats and protections outlined in the report are not to be taken as the definitive resource on web-based attacks. This report is meant to be a starting reference point only.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Feb 01, 2011
Accession Number
ADA537060

Entities

People

  • Matthew Heckathorn

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Computer Program Documentation
  • Computer Programming
  • Computer Programs
  • Computers
  • Configuration Management
  • Database Management Systems
  • Detection
  • Digital Toolbox
  • Electronic Mail
  • Information Systems
  • Network Protocols
  • Operating Systems
  • Port Scanners
  • Relational Database Management Systems
  • Transport Protocols
  • Web Browsers

Fields of Study

  • Computer science

Readers

  • Business Analytics
  • Cybersecurity.