A Taxonomy of Web Security Vulnerabilities

Cited by: 3
Authors
Al-Kahla, Wafaa [1]
Shatnawi, Ahmed S. [2]
Taqieddin, Eyad [1]
Affiliations
[1] Jordan Univ Sci & Technol, Dept Network Engn Secur, Irbid, Jordan
[2] Jordan Univ Sci & Technol, Dept Software Engn, Irbid, Jordan
Keywords
web security; XSS; static; dynamic analysis;
DOI
10.1109/ICICS52457.2021.9464576
Chinese Library Classification number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
The rapid evolution in web applications and software development has not witnessed a similar pace in development opposite what has taken place in the security and cybersecurity arenas. Web applications security has become a significant issue since insecure applications and software undermine various areas including finance, health care, defense, and other mission critical infrastructures. Web application vulnerability results from misconfiguration, flaws in the design, implementation, operation, or management at the different levels of a web application (input side, output side, or both sides). This taxonomy paper studies web vulnerabilities, their impact on users' infrastructures, and their detection tools (static, dynamic, or hybrid) and mitigation mechanisms at different software architecture levels.
Pages: 424-429
Number of pages: 6