Advertisement

Security Analysis of Bioinformatics WEB Application

  • Tao Tao
  • Yuan ChenEmail author
  • Bijing Liu
  • Xueqi Jin
  • Mingyuan Yan
  • Shouling Ji
Conference paper
Part of the Advances in Intelligent Systems and Computing book series (AISC, volume 895)

Abstract

Bioinformatics is a subject that focuses on developing methods and software tools, especially web applications, to analyze, understand and utilize biological data. This scientific field attracts large research interest and has been developed rapidly in most aspects but not on security. The lack of security awareness of researchers and insufficient maintenance are the main reasons for security vulnerabilities of bioinformatics web application, such as SQL injection, XSS and file leakage, etc. In the paper, we perform security analysis for website URLs extracted from PubMed abstracts, which contains more than 20,000 URLs. The analysis includes server version CVE matching, HTTPS security evaluation, git leakage detection, and small-scale manual penetration testing. The result shows that the most commonly used server version is outdated and vulnerable. Particularly, only one-fourth HTTPS domains are secure based on our testing, which only count for 7.6% in the entire testing websites. Discovered vulnerabilities are reported to website manager by email and we receive positive feedbacks.

Keywords

Bioinformatics WEB Security Git leakage 

Notes

Acknowledgement

We would like to thank the anonymous reviewers for their valuable suggestions for improving this paper. We are also grateful to Yincong Zhou, Dahui Hu and Prof. Ming Chen of The Group of Bioinformatics of Zhejiang University for their work about DaTo and contribution to this work.

This work was partly supported by NSFC under No. 61772466, the Zhejiang Provincial Natural Science Foundation for Distinguished Young Scholars under No. R19F020013, the Provincial Key Research and Development Program of Zhejiang, China under No. 2017C01055, the Fundamental Research Funds for the Central Universities, and the Alibaba-ZJU Joint Research Institute of Frontier Technologies. Technology Project of State Grid Zhejiang Electric Power co. LTD under NO. 5211HZ17000J.

References

  1. 1.
    Bioinformatics Wikipedia. https://en.wikipedia.org/wiki/Bioinformatics. Accessed 12 Oct 2018
  2. 2.
    Johnson, M., et al.: NCBI BLAST: a better web interface. Nucleic Acids Res. 36(2), W5–W9 (2008)CrossRefGoogle Scholar
  3. 3.
    Ranger, S. At $30,000 for a flaw, bug bounties are big and getting bigger – ZDNet. http://www.zdnet.com/article/at-30000-for-a-flaw-bug-bounties-are-big-and-getting-bigger/. Accessed 12 Oct 2018
  4. 4.
    Li, Q., Zhou, Y., et al.: DaTo: an atlas of biological databases and tools. J. Integr. Bioinform. 13(4), 297 (2016)MathSciNetCrossRefGoogle Scholar
  5. 5.
    About Us – Censys. https://censys.io/about. Accessed 12 Oct 2018
  6. 6.
    SSL Server Rating Guide. https://github.com/ssllabs/research/wiki/SSL-Server-Rating-Guide. Accessed 12 Oct 2018
  7. 7.
    Stock, B., Pellegrino, G., Li, F., et al.: Didn’t you hear me? - towards more successful web vulnerability notifications. In: Network and Distributed System Security Symposium (2018)Google Scholar
  8. 8.
  9. 9.
    OWASP Wikipedia. https://en.wikipedia.org/wiki/OWASP. Accessed 12 Oct 2018

Copyright information

© Springer Nature Switzerland AG 2020

Authors and Affiliations

  • Tao Tao
    • 1
  • Yuan Chen
    • 2
    Email author
  • Bijing Liu
    • 3
  • Xueqi Jin
    • 4
  • Mingyuan Yan
    • 5
  • Shouling Ji
    • 2
    • 6
  1. 1.State Grid Hangzhou Power Supply CompanyHangzhouChina
  2. 2.Zhejiang UniversityHangzhouChina
  3. 3.NARI Group CorporationBeijingChina
  4. 4.State Grid Zhejiang Electric Power Co., Ltd.HangzhouChina
  5. 5.University of North GeorgiaDahlonegaGeorgia
  6. 6.Alibaba-Zhejiang University Joint Research Institute of Frontier TechnologiesHangzhouChina

Personalised recommendations