Tuesday, 01 April 2014 00:00

Paper presentation at the 2nd International Conference of the Hellenic Army Academy (ΣΣΕ) on Systems Security


It is with great pleasure and honour that we present a highly specialised paper at the 2nd International Conference of the Hellenic Army Academy (ΣΣΕ) on Cryptography, Network Security and Applications in the Armed Forces, which takes place on 02 April 2014 at the ΣΣΕ facilities in Vari.

The title and abstract of the paper are as follows:

Attacking Web Applications: Methodology and Tools

Web applications are those that are accessed using a web browser to communicate with a web server. They include a wide variety of different technologies, such as databases, file systems, and web services.

As with any new area of technology, they have brought with them a new range of security vulnerabilities. The most serious attacks against web applications are those that expose sensitive data or gain unrestricted access to the back-end systems on which the application is running. In fact, the majority of web applications are insecure, despite the widespread usage of SSL technology and the adoption of regular PCI scanning. So although SSL is a great technology that protects data in transit between a client and a web server, it does not stop attacks that directly target the server or client components of an application.

This paper describes a methodology someone can follow when attacking a web application. It provides a good level of assurance that the attacker has detected all the necessary areas of the application’s attack surface and has found as many issues as possible given the resources available to him.

The methodology is presented as a sequence of tasks that are organized according to the logical interdependencies between them. In practice the attacker will usually need to think beyond the standard direction in which his activities should go and allow these to be guided by what he discovers about the application he is attacking.

This paper also presents tools that someone can use to attack web applications. Many of these tools operate in conjunction with the standard web browser, either as extensions or as external tools. Other tools automate many of the tasks involved in attacking, or perform specific tasks when testing web applications.

Last modified on Wednesday, 19 February 2020 11:04

Comments

Δημήτρης
10 years ago
Good article..