Abstract
There is an increasing number of attacks aiming web servers;
mostly at the application level. There is a need for new security
technologies which are deployed between the users and web
applications. In this work, such a system’s fundamentals will be
given and modeled. Web IDS/IPS is introduced which is a
specialized intrusion detection and prevention system. Also web
infrastructure awareness, vulnerability analysis integrated system
and statistical results from Ege University campus network are
presented.
References
- Karaarslan Enis, Tuglular T, Sengonca, H, 2004. “Enterprise Wide Web Application Security: An Introduction”, EICAR 2004.
- Zone-h, 2005. Independent observation of web server cybercrimes, 18 Aralık 2005 tarihinde erişilmiştir, http://www.zoneh.org
- CSI/FBI, 2005. Computer Crime and Security Survey, Computer Security Institute Publication, 21 Kasım 2005 tarihinde erişilmiştir, http://www.gocsi.com/
- OWASP, 2006. OWASP Top Ten Most Critical Web Application Security Vulnerabilities, 12 Ocak 2006 tarihinde erişilmiştir, http://www.owasp.org/documentation/topten.html
- Sima C., 2005. Web Application Worms - the next Internet infestation, (In)secure Magazine, Issue 2, pg 17-21, 20 Haziran 2005 tarihinde erişilmiştir, http://www.insecuremagazine.com/INSECURE-Mag-2.pdf
- Sanctum, 2003. Anatomy of a Web Application, 26 Aralık 2003 tarihinde erişilmiştir, http://www.sanctuminc.com/solutions/whitepapers/
- IETF, 1999. RFC2616, Hypertext Transfer Protocol - HTTP/1.1, 10 Ocak 2006 tarihinde erişilmiştir, http://www.ietf.org/rfc/rfc2616.txt
- Roelker D., Norton M., 2002. Snort 2.0: Protocol Flow Analyzer, 29 Mayıs 2004 tarihinde erişilmiştir, http://www.sourcefire.com/products/library.html#wp
- Durkee R., 2003. Java Web Application Security, 26 Aralık 2003 tarihinde erişilmiştir, http://www.rd1.net/present/Durkee_RJUG_WebAppSec.pdf
- 0] Grossman J., 2004. Challenges of Automated Web Application Scanning "Why automated scanning only solves half the problem.", Blackhat Windows 2004, 12 Ocak 2006 tarihinde erişilmiştir, http://www.whitehatsec.com/presentations/challenges_of_scanning.pdf
- 1]Whitaker A., Newman D., 2005. Penetration Testing and Network Defense, Cisco Press, ISBN:1-58705-208-3
- 2] Newmarch J., 2000. HTTP Session Management, 10 Ocak 2006 tarihinde erişilmiştir, http://jan.netcomp.monash.edu.au/ecommerce/session.html
- 3] Dong W., 2005. Adding Session and Transaction Management to XML Web Services by Using SIP, Minor Thesis, Monash University, 10 Ocak 2006 tarihinde erişilmiştir, http://jan.netcomp.monash.edu.au/publications/wendy_thesis.pdf
- 4] Robin B., 2003. Web Application Security, Lesson Notes, 26 Eylül 2003 tarihinde erişilmiştir, http://josquin.cti.depaul.edu/~rburke/courses/f03/ect582/notes/w8/le c1106.ppt
- 5] Dayioglu B., 2003. Php ve Web Güvenliği, 12 Temmuz 2006 tarihinde erişilmiştir, http://seminer.linux.org.tr/seminer-notlari/web-uygulamaguvenligi.sxi
- 6] Wikipedia, 2006. Web Service, 8 Temmuz 2006 tarihinde erişilmiştir, http://en.wikipedia.org/wiki/Web_service
- 7] McHugh J.: Intrusion and intrusion detection, International Journal of Information Security, Springer, ISSN: 1615-5262 (Paper), 1615-5270 (Online), Issue: Volume 1 - Number 1 (2001) 14 – 35
- 8] Conry-Murray A., 2003. Emerging Technology: Detection vs. Prevention - Evolution or Revolution?, 26 Aralık 2003 tarihinde erişilmiştir, http://www.networkmagazine.com/shared/article/showArticle.jhtml? articleId=9400017
- 9] Parker D., 2004. Filtering IDS Packets, 27 Kasım 2005 tarihinde erişilmiştir, http://www.onlamp.com/pub/a/security/2004/06/17/ids_filtering.html
- 0] Karaarslan E, Tuglular T, Sengonca, H, 2006. Does Network Awareness Make Difference In Intrusion Detection of Web Attacks, ICHIT 2006.
- 1] Chu B., 2002. Application Security, 26 Aralık 2003 tarihinde erişilmiştir, http://www.belkcollege.uncc.edu/nblong/ITIS2300/Application%20 Security.ppt
- 2] Newmarch J., Huang M., Chua K. G., 2003. Firewalling Web Services
- 3] Ptacek T.H., Newsham T.N., 1998. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, http://www.snort.org/docs/idspaper/
- 4] Snort Users Manual 2.4.0 , 2005.
Abstract
Günümüzde web sunucularını hedefleyen, özellikle web uygulaması seviyesinde artan sayıda saldırılar yaşanmaktadır. Kullanıcılar ve web uygulamaları arasında konuşlanacak yeni güvenlik önlemlerine gereksinim duyulmaktadır. Bu çalışmada bu tür bir sistemin temelleri verilmiş ve modellenmiştir. Web trafiği için özerkleştirilen saldırı saptama ve engelleme sistemi olan Web IDS/IPS tanıtılmıştır. Ayrıca Web altyapısı farkındalığı ve zayıflık inceleme sistemleriyle tümleştirilen sistem ve Ege Üniversitesi kampüs ağından alınan istatistiksel sonuçlar da sunulmuştur.
References
- Karaarslan Enis, Tuglular T, Sengonca, H, 2004. “Enterprise Wide Web Application Security: An Introduction”, EICAR 2004.
- Zone-h, 2005. Independent observation of web server cybercrimes, 18 Aralık 2005 tarihinde erişilmiştir, http://www.zoneh.org
- CSI/FBI, 2005. Computer Crime and Security Survey, Computer Security Institute Publication, 21 Kasım 2005 tarihinde erişilmiştir, http://www.gocsi.com/
- OWASP, 2006. OWASP Top Ten Most Critical Web Application Security Vulnerabilities, 12 Ocak 2006 tarihinde erişilmiştir, http://www.owasp.org/documentation/topten.html
- Sima C., 2005. Web Application Worms - the next Internet infestation, (In)secure Magazine, Issue 2, pg 17-21, 20 Haziran 2005 tarihinde erişilmiştir, http://www.insecuremagazine.com/INSECURE-Mag-2.pdf
- Sanctum, 2003. Anatomy of a Web Application, 26 Aralık 2003 tarihinde erişilmiştir, http://www.sanctuminc.com/solutions/whitepapers/
- IETF, 1999. RFC2616, Hypertext Transfer Protocol - HTTP/1.1, 10 Ocak 2006 tarihinde erişilmiştir, http://www.ietf.org/rfc/rfc2616.txt
- Roelker D., Norton M., 2002. Snort 2.0: Protocol Flow Analyzer, 29 Mayıs 2004 tarihinde erişilmiştir, http://www.sourcefire.com/products/library.html#wp
- Durkee R., 2003. Java Web Application Security, 26 Aralık 2003 tarihinde erişilmiştir, http://www.rd1.net/present/Durkee_RJUG_WebAppSec.pdf
- 0] Grossman J., 2004. Challenges of Automated Web Application Scanning "Why automated scanning only solves half the problem.", Blackhat Windows 2004, 12 Ocak 2006 tarihinde erişilmiştir, http://www.whitehatsec.com/presentations/challenges_of_scanning.pdf
- 1]Whitaker A., Newman D., 2005. Penetration Testing and Network Defense, Cisco Press, ISBN:1-58705-208-3
- 2] Newmarch J., 2000. HTTP Session Management, 10 Ocak 2006 tarihinde erişilmiştir, http://jan.netcomp.monash.edu.au/ecommerce/session.html
- 3] Dong W., 2005. Adding Session and Transaction Management to XML Web Services by Using SIP, Minor Thesis, Monash University, 10 Ocak 2006 tarihinde erişilmiştir, http://jan.netcomp.monash.edu.au/publications/wendy_thesis.pdf
- 4] Robin B., 2003. Web Application Security, Lesson Notes, 26 Eylül 2003 tarihinde erişilmiştir, http://josquin.cti.depaul.edu/~rburke/courses/f03/ect582/notes/w8/le c1106.ppt
- 5] Dayioglu B., 2003. Php ve Web Güvenliği, 12 Temmuz 2006 tarihinde erişilmiştir, http://seminer.linux.org.tr/seminer-notlari/web-uygulamaguvenligi.sxi
- 6] Wikipedia, 2006. Web Service, 8 Temmuz 2006 tarihinde erişilmiştir, http://en.wikipedia.org/wiki/Web_service
- 7] McHugh J.: Intrusion and intrusion detection, International Journal of Information Security, Springer, ISSN: 1615-5262 (Paper), 1615-5270 (Online), Issue: Volume 1 - Number 1 (2001) 14 – 35
- 8] Conry-Murray A., 2003. Emerging Technology: Detection vs. Prevention - Evolution or Revolution?, 26 Aralık 2003 tarihinde erişilmiştir, http://www.networkmagazine.com/shared/article/showArticle.jhtml? articleId=9400017
- 9] Parker D., 2004. Filtering IDS Packets, 27 Kasım 2005 tarihinde erişilmiştir, http://www.onlamp.com/pub/a/security/2004/06/17/ids_filtering.html
- 0] Karaarslan E, Tuglular T, Sengonca, H, 2006. Does Network Awareness Make Difference In Intrusion Detection of Web Attacks, ICHIT 2006.
- 1] Chu B., 2002. Application Security, 26 Aralık 2003 tarihinde erişilmiştir, http://www.belkcollege.uncc.edu/nblong/ITIS2300/Application%20 Security.ppt
- 2] Newmarch J., Huang M., Chua K. G., 2003. Firewalling Web Services
- 3] Ptacek T.H., Newsham T.N., 1998. Insertion, Evasion, and Denial of Service: Eluding Network Intrusion Detection, http://www.snort.org/docs/idspaper/
- 4] Snort Users Manual 2.4.0 , 2005.
Details
| Other ID | JA37GZ52NA |
|---|---|
| Journal Section | Makaleler(Araştırma) |
| Authors | |
| Publication Date | June 24, 2016 |
| Published in Issue | Year 2006 Volume: 2 Issue: 1 - Volume: 2 Issue: 1 |
Cite
Article Acceptance
Use user registration/login to upload articles online.
The acceptance process of the articles sent to the journal consists of the following stages:
1. Each submitted article is sent to at least two referees at the first stage.
2. Referee appointments are made by the journal editors. There are approximately 200 referees in the referee pool of the journal and these referees are classified according to their areas of interest. Each referee is sent an article on the subject he is interested in. The selection of the arbitrator is done in a way that does not cause any conflict of interest.
3. In the articles sent to the referees, the names of the authors are closed.
4. Referees are explained how to evaluate an article and are asked to fill in the evaluation form shown below.
5. The articles in which two referees give positive opinion are subjected to similarity review by the editors. The similarity in the articles is expected to be less than 25%.
6. A paper that has passed all stages is reviewed by the editor in terms of language and presentation, and necessary corrections and improvements are made. If necessary, the authors are notified of the situation.
.
This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.