Security Analysis of Bioinformatics WEB Application

  • Conference paper
  • Security with Intelligent Computing and Big-data Services (SICBS 2018)
  • Part of the book series: Advances in Intelligent Systems and Computing (AISC, volume 895)

Abstract

Bioinformatics is a field that develops methods and software tools, especially web applications, to analyze, understand and utilize biological data. It attracts large research interest and has developed rapidly in most respects, but not in security. Limited security awareness among researchers and insufficient maintenance are the main reasons bioinformatics web applications suffer from vulnerabilities such as SQL injection, XSS and file leakage. In this paper, we perform a security analysis of the website URLs extracted from PubMed abstracts, a set of more than 20,000 URLs. The analysis includes server version CVE matching, HTTPS security evaluation, git repository leakage detection, and small-scale manual penetration testing. The results show that the most commonly used server version is outdated and vulnerable. In particular, only one-fourth of the HTTPS-enabled domains are secure according to our testing, which amounts to just 7.6% of all tested websites. Discovered vulnerabilities were reported to the website administrators by email, and we received positive feedback.
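The abstract summarizes a pipeline of URL extraction, server banner matching, HTTPS evaluation and git leakage detection. The following Python sketch is an added example, not the paper's or its authors' tooling, and shows the offline parts of those steps on constructed input: pulling URLs out of abstract-like text, grouping hosts by scheme to measure HTTPS coverage, splitting a Server banner into product and version with a numeric comparison against a fix release (the CVE table itself is not reproduced), and judging a fetched .git/HEAD by its content rather than its status code. The sample abstracts, hostnames, banners and version numbers are all constructed for illustration.

```python
"""Offline sketch of the survey pipeline: URL extraction, Server-banner parsing,
HTTPS coverage, and a .git/HEAD leak check. Added example with constructed input,
not the paper's own tooling."""
import re
from urllib.parse import urlparse

# Constructed sample texts standing in for PubMed abstracts (not real records).
SAMPLE_ABSTRACTS = [
    "The tool is freely available at http://example-tool.org/blast and "
    "https://mirror.example.edu/tool.",
    "Source code: https://github.com/example/tool. Web server: http://example-tool.org.",
]

URL_RE = re.compile(r"https?://[^\s<>\"')\]]+")


def extract_urls(texts):
    """Return de-duplicated URLs in order of appearance, stripping the trailing
    punctuation that abstracts tend to glue onto a URL."""
    seen = []
    for text in texts:
        for match in URL_RE.finditer(text):
            url = match.group(0).rstrip(".,;:")
            if url not in seen:
                seen.append(url)
    return seen


def hosts_by_scheme(urls):
    """Group distinct hostnames by scheme so coverage is measured per host, not per URL."""
    groups = {"http": set(), "https": set()}
    for url in urls:
        parsed = urlparse(url)
        if parsed.scheme in groups and parsed.hostname:
            groups[parsed.scheme].add(parsed.hostname.lower())
    return groups


def https_share(groups):
    """Fraction of distinct hosts that appear with an https:// URL (a host seen
    under both schemes counts once in the denominator)."""
    all_hosts = groups["http"] | groups["https"]
    return len(groups["https"]) / len(all_hosts) if all_hosts else 0.0


# Server banners look like 'Apache/2.2.15 (CentOS)' or just 'nginx'.
SERVER_RE = re.compile(r"^(?P<product>[A-Za-z][\w.-]*)(?:/(?P<version>\d[\w.]*))?")


def parse_server_header(value):
    """Split a Server banner into (product, version); version is None when hidden."""
    match = SERVER_RE.match(value.strip())
    if not match:
        return (None, None)
    return (match.group("product"), match.group("version"))


def version_tuple(version):
    """'2.4.10' -> (2, 4, 10); numeric so that 2.4.9 sorts before 2.4.10."""
    return tuple(int(part) for part in re.findall(r"\d+", version))


def is_older_than(version, fixed_in):
    """True when the banner version predates the release that fixed an issue.
    The fixed_in value would come from a CVE table, which is not reproduced here."""
    return version_tuple(version) < version_tuple(fixed_in)


# An exposed .git/HEAD is a single line: 'ref: refs/heads/<branch>' or a 40-hex commit id.
GIT_HEAD_RE = re.compile(r"^(ref: refs/\S+|[0-9a-f]{40})$")


def looks_like_git_head(status, body):
    """Judge a fetched /.git/HEAD by its content, not only by a 200 status, so that
    servers answering every path with a 200 HTML page are not counted as leaks."""
    if status != 200:
        return False
    return GIT_HEAD_RE.match(body.strip()) is not None


if __name__ == "__main__":
    urls = extract_urls(SAMPLE_ABSTRACTS)
    groups = hosts_by_scheme(urls)
    print(urls)
    print("https share: %.2f" % https_share(groups))
    print(parse_server_header("Apache/2.2.15 (CentOS)"))
    print(is_older_than("2.4.9", "2.4.10"))
    print(looks_like_git_head(200, "ref: refs/heads/master\n"))
```

The banner comparison is deliberately numeric: a string comparison would rank 2.4.9 above 2.4.10 and silently skip vulnerable hosts. The .git/HEAD content check matters for the same reason in the other direction: a crawler that only tests for a 200 response will over-report leaks on servers that answer every path with a landing page.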

Notes

  1. ftp://ftp.ncbi.nlm.nih.gov/pubmed/baseline.
  2. https://github.com/lijiejie/GitHack.

Acknowledgement

We would like to thank the anonymous reviewers for their valuable suggestions for improving this paper. We are also grateful to Yincong Zhou, Dahui Hu and Prof. Ming Chen of the Bioinformatics Group of Zhejiang University for their work on DaTo and their contribution to this work.

This work was partly supported by NSFC under No. 61772466, the Zhejiang Provincial Natural Science Foundation for Distinguished Young Scholars under No. R19F020013, the Provincial Key Research and Development Program of Zhejiang, China under No. 2017C01055, the Fundamental Research Funds for the Central Universities, the Alibaba-ZJU Joint Research Institute of Frontier Technologies, and the Technology Project of State Grid Zhejiang Electric Power Co., Ltd. under No. 5211HZ17000J.

Author information

Correspondence to Yuan Chen.

Copyright information

© 2020 Springer Nature Switzerland AG

About this paper

Cite this paper

Tao, T., Chen, Y., Liu, B., Jin, X., Yan, M., Ji, S. (2020). Security Analysis of Bioinformatics WEB Application. In: Yang, CN., Peng, SL., Jain, L. (eds) Security with Intelligent Computing and Big-data Services. SICBS 2018. Advances in Intelligent Systems and Computing, vol 895. Springer, Cham. https://doi.org/10.1007/978-3-030-16946-6_30
