Title :
The Web Attacker Perspective - A Field Study
Author :
Fonseca, José ; Vieira, Marco ; Madeira, Henrique
Author_Institution :
Polytech. Inst. of Guarda, Univ. of Coimbra, Guarda, Portugal
Abstract :
Web applications are a fundamental pillar of today´s globalized world. Society depends and relies on them for business and daily life. However, web applications are under constant attack by hackers that exploit their vulnerabilities to access valuable assets and disrupt business. Many studies and reports on web application security problems analyze the victim´s perspective by detailing the vulnerabilities publicly disclosed. In this paper we present a field study on the attacker´s perspective by looking at over 300 real exploits used by hackers to attack web applications. Results show that SQL injection and Remote File Inclusion are the two most frequently used exploits and that hackers prefer easier rather than complicated attack techniques. Exploit and vulnerability data are also correlated to show that, although there are many types of vulnerabilities out there, only few are interesting enough for attackers to obtain what they want the most: root shell access and admin passwords.
Keywords :
Internet; SQL; computer crime; SQL injection; Web application security; Web applications; Web attacker perspective; admin password; hackers; remote file inclusion; root shell access; vulnerability; Authentication; Computer hacking; Databases; Web server; Web sites; Exploit; Field study; Security; Vulnerability; Web application;
Conference_Titel :
Software Reliability Engineering (ISSRE), 2010 IEEE 21st International Symposium on
Conference_Location :
San Jose, CA
Print_ISBN :
978-1-4244-9056-1
Electronic_ISBN :
1071-9458
DOI :
10.1109/ISSRE.2010.21
