Modeling the OWASP Most Critical WEB Attacks

  • Yassine Ayachi
  • El Hassane Ettifouri
  • Jamal Berrich
  • Bouchentouf Toumi
Conference paper
Part of the Smart Innovation, Systems and Technologies book series (SIST, volume 111)

Abstract

The tremendous growth of web-based applications has increased information security vulnerabilities over the Internet. The threat landscape of application security is constantly evolving (see CVE [1] and published reports [2]). The key factors in this evolution are the progress made by attackers, the emergence of new technologies with new weaknesses, as well as more integrated defenses and the deployment of increasingly complex systems. Our contribution's goal is to build a common model of the most famous and dangerous WEB attacks, which will allow us to better understand those attacks and hence adopt the security strategy best suited to a given business and technical environment. This modeling can also be useful for the problem of evaluating intrusion detection systems. We have relied on the OWASP TOP 10 classification of the most recent critical WEB attacks [3], and at the end of this paper we deduce a global modeling of all these attacks.

Keywords

WEB application vulnerabilities · WEB attack · Attacks modeling · OWASP TOP 10 classification

References

  1. CVE: Common Vulnerabilities and Exposures (CVE), Cve.mitre.org (2017). http://cve.mitre.org/. Accessed 10 June 2017
  2. Vulnerability distribution of CVE security vulnerabilities by types, Cvedetails.com (2017). https://www.cvedetails.com/vulnerabilities-by-types.php. Accessed 10 June 2017
  3. Top 10 2013-Top 10-OWASP, Owasp.org (2017). https://www.owasp.org/index.php/Top_10_2013-Top_10. Accessed 10 June 2017
  4. OWASP, Owasp.org (2017). https://www.owasp.org/index.php/Main_Page. Accessed 10 June 2017
  5. Abou El Kalam, A., Gad El Rab, M., Deswarte, Y.: A model-driven approach for experimental evaluation of intrusion detection systems. Secur. Commun. Netw. 7(11), 1955–1973 (2013, in press)
  6. Ayachi, Y., Rahmoune, N., Ettifouri, E., Berrich, J., Bouchentouf, T.: Setting up a self-learning IDS based on Markov chains theory. In: 2016 5th International Conference on Multimedia Computing and Systems (ICMCS) (2016, in press)
  7. The MITRE Corporation, Mitre.org (2017). https://www.mitre.org/. Accessed 10 June 2017
  8. Official PCI Security Standards Council Site - Verify PCI Compliance, Download Data Security and Credit Card Security Standards, Pcisecuritystandards.org (2017). https://www.pcisecuritystandards.org/. Accessed 10 June 2017
  9. Defense Information Systems Agency, Disa.mil (2017). http://www.disa.mil/. Accessed 10 June 2017
  10. Federal Trade Commission: Federal Trade Commission (2017). https://www.ftc.gov. Accessed 10 June 2017
  11. Ettifouri, E.H., Rhouati, A., Dahhane, W., Bouchentouf, T.: ZeroCouplage framework: a framework for multi-supports applications (web, mobile and desktop). In: El Oualkadi, A., Choubani, F., El Moussati, A. (eds.) Proceedings of the Mediterranean Conference on Information & Communication Technologies 2015. LNEE, vol. 381. Springer, Cham (2016)
  12. Ayachi, Y., Rahmoune, N., Ettifouri, E., Berrich, J., Bouchentouf, T.: Detecting website vulnerabilities based on Markov chains theory. In: 2016 5th International Conference on Multimedia Computing and Systems (ICMCS) (2016, in press)

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  • Yassine Ayachi (1)
  • El Hassane Ettifouri (1)
  • Jamal Berrich (1)
  • Bouchentouf Toumi (1)
  1. LSE2I Laboratory, National School of Applied Sciences, Mohammed The First University, Oujda, Morocco