National Repository of Grey Literature 2 records found  Search took 0.00 seconds. 
Web server attack analyzer
Mižišin, Michal ; Novotný, Miroslav (advisor) ; Mareš, Martin (referee)
In this work I will focus on the most common forms of attacks on web applications. My focus will point on so called Injection flaws (attacks where data given by user are interpreted and executed), XSS (Cross Site Scripting) and CSRF (Cross Site Request Forgery), that have for web application in case of compromisation fatal consequences. I will describe these attacks, their history, concrete examples of successful execution. I will propose also possible kinds of protection and possibilities of detection.
Web server attack analyzer
Mižišin, Michal ; Novotný, Miroslav (advisor) ; Čermák, Miroslav (referee)
Web server attack analyzer - Abstract The goal of this work was to create prototype of analyzer of injection flaws attacks on web server. Proposed solution combines capabilities of web application firewall and web server log analyzer. Analysis is based on configurable signatures defined by regular expressions. This paper begins with summary of web attacks, followed by detection techniques analysis on web servers, description and justification of selected implementation. In the end are characterized possibilities of further development in area of better results of false positives. Implemented detection of all proposed attacks did slow down server response time by 10% and was able to detect more than 99% SQL injection, Path traversal and SSI injection attacks contained in web application security scanners.

Interested in being notified about new results for this query?
Subscribe to the RSS feed.