Web Security: A Survey of Latest Trends in Security Attacks

  • Pranesh V. Kallapur
  • V. Geetha
Part of the Lecture Notes in Electrical Engineering book series (LNEE, volume 121)

Abstract

Every system used in real time will be having some security threats. Internet has not been exception for it. From as early as 1980s there has been occurrence of several different types of security attacks with Internet being their major target. Internet happens to be main target due to type and amount of information it stores and advancements in computer networks which makes it very easy for accessing the same. Also, at the same time limitations/design flaws in Internet design, programming languages etc. make attack techniques to evolve from day to day. Due to such evolution of new attack mechanisms, at present, we have a big list of different attacks. Further, motivations for making such attacks range from just having fun to sabotaging critical & specific infrastructures at national level. Hence, in this context, it is very necessary and useful to know about latest trends in security attacks. In this connection this paper provides a brief survey of latest security attacks on web. This paper also provides a summarized comparison of discussed attacks against chosen important parameters. In addition, an observational data about attacks via Emails over a period of time is also presented. The paper concludes by mentioning the need of such surveys and research opportunities in this area.

Keywords

Network Security Security Attacks Web Security 

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

References

  1. 1.
    Boneh, D., Mitchell, J.: Controlhijacking (2009), https://courseware.stanford.edu/pg/courses/CS155
  2. 2.
    Sotirov, A.: Heap Feng Shui in Javascript. Blackhat Europe (2007)Google Scholar
  3. 3.
    Daniel, M., Honoroff, J., Miller, C.: Engineering Heap Overflow Exploits with JavaScript. In: WooT 2008 (2008)Google Scholar
  4. 4.
    Ratanaworabhan, P., Livshits, B., Zorn, B.: Nozzle: A Defense Against Heap-spraying Code Injection AttacksGoogle Scholar
  5. 5.
    Blazakis, D.: Interpreter Exploitation: Pointer inference and JiT sprayingGoogle Scholar
  6. 6.
    Boneh, D.: Unwanted Traffic:DoS/DDoS and Spam Email (2009), https://courseware.stanford.edu/pg/courses/CS155
  7. 7.
    Shelton, T.: Rootkits: the basics (2006), http://blacksecurity.org
  8. 8.
    Hoglund, G., Butler, J.: Rootkits: Subverting the Windows KernelGoogle Scholar
  9. 9.
    Sandeep, S.: Process Tracing Using Ptrace, Part2, http://linuxgazette.net/issue83/sandeep.html
  10. 10.
    Sandeep, S.: Process Tracing Using Ptrace, Part 3, http://linuxgazette.net/issue85/sandeep.html
  11. 11.
    Bursztein, E.: Malware (2009), https://courseware.stanford.edu/pg/courses/CS155
  12. 12.
    Romano, M., Rosignoli, S., Giannini, E.: Robot Wars – How Botnets Work. For hakin9Google Scholar
  13. 13.
    Real World Example: Stuxnet Worm (2010), http://www.csir.co.za/dpss/docs/stuxnet%20presentation2.ppt
  14. 14.
  15. 15.
  16. 16.
    Cyber Security Threats, The Lowy Institute for International Policy (September 8, 2010)Google Scholar
  17. 17.
    Paul, B., Yegneswaran, Raju, K.P.: An Inside Look at Botnets. In: Advances in Information Security. Springer, Heidelberg (2006)Google Scholar
  18. 18.
  19. 19.
  20. 20.
  21. 21.
  22. 22.
    Lobo, D., Wu, X.-W., Sun, L., Watters, P.: Windows Rootkits: Attacks and Countermeasures. In: 2010 Second Cybercrime and Trustworthy Computing Workshop (2010)Google Scholar
  23. 23.
    Feily, M., Shahrestani, A., Ramadass, S.: A Survey of Botnet and Botnet Detection. In: Third International Conference on Emerging Security Information, Systems and Technologies (2009)Google Scholar
  24. 24.
    Worm Targets Industrial-Plant Operations. IEEE Computer Society News Letter (November 2010)Google Scholar
  25. 25.
    An, Z., Liu, H.: Realization of Buffer Overflow. In: International Forum on Information Technology and Applications (2010)Google Scholar
  26. 26.
    Qiao, Z., Zhang, Y., Xie, C.: Research and Survey of Low-rate Denial of Service Attacks. In: 13th IEEE Conference on Advances in Communication Technology, ICACT, February 13-16 (2011)Google Scholar
  27. 27.
    Abu-Nimeh, S., Chen, T.M., Alzubi, O.: A Survey of Malicious and Spam Posts in Facebook. IEEE (2011), doi:10.1109/MC.2011.222Google Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2011

Authors and Affiliations

  • Pranesh V. Kallapur
    • 1
  • V. Geetha
    • 1
  1. 1.Department of Information TechnologyNITKSurathkalIndia

Personalised recommendations