Skip to main content

Mode Switching for Secure Web Applications – A Juice Shop Case Scenario

Part of the Communications in Computer and Information Science book series (CCIS,volume 1479)

Abstract

Switching modes is a general mechanism that is used in many domains. We have suggested to use it for security purposes to make systems more resilient when vulnerabilities are known or when attacks are performed. OWASP provides several vulnerable web applications for testing and training security skills. We have the idea of applying mode switching to one of these applications in order to demonstrate its usefulness in increasing security. We have chosen Juice Shop as our sample application. In this paper (i) we suggest a multi-modal architecture for web applications; (ii) we present Juice Shop as our web application scenario; and (iii) we show first reflections on how mode switching can reduce attack surfaces and, thus, increase resilience.

Keywords

  • Mode switching
  • Web application
  • Web shop
  • Security
  • Resilience

This is a preview of subscription content, access via your institution.

Buying options

Chapter
USD   29.95
Price excludes VAT (USA)
  • DOI: 10.1007/978-3-030-87101-7_1
  • Chapter length: 6 pages
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
eBook
USD   64.99
Price excludes VAT (USA)
  • ISBN: 978-3-030-87101-7
  • Instant PDF download
  • Readable on all devices
  • Own it forever
  • Exclusive offer for individuals only
  • Tax calculation will be finalised during checkout
Softcover Book
USD   84.99
Price excludes VAT (USA)

References

  1. Chen, T., Phan, L.T.: SafeMC: a system for the design and evaluation of mode-change protocols. In: 2018 IEEE RTAS, pp. 105–116 (2018). https://doi.org/10.1109/RTAS.2018.00021

  2. Fail2ban: Manual Fail2ban 0.8. https://www.fail2ban.org/wiki/index.php/MANUAL_0_8

  3. Firesmith, D.: System Resilience: What Exactly is it? https://insights.sei.cmu.edu/blog/system-resilience-what-exactly-is-it/

  4. Joint Task Force Interagency Working Group: Security and Privacy Controls for Information Systems and Organizations. US NIST, revision 5 edn. (2020). https://doi.org/10.6028/NIST.SP.800-53r5

  5. Kimminich, B.: Pwning OWASP Juice Shop. OWASP Foundation, Inc. (2021). https://pwning.owasp-juice.shop/

  6. Liu, Y., Cannell, J.C., Coffman, J.H.: Gannon university hackathon: a combination of virtual and onsite education event to recruit high-school students within cybersecurity major. In: 2020 IEEE FIE, pp. 1–4 (2020)

    Google Scholar 

  7. Microsoft: What is Azure Web Application Firewall on Azure Application Gateway? - Azure Web Application Firewall (2020). https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview

  8. OWASP: OWASP Juice Shop. https://owasp.org/www-project-juice-shop/

  9. OWASP: OWASP Top Ten. https://owasp.org/www-project-top-ten/

  10. Riegler, M., Sametinger, J.: Mode switching from a security perspective: first findings of a systematic literature review. In: Kotsis, G., et al. (eds.) DEXA 2020. CCIS, vol. 1285, pp. 63–73. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-59028-4_6

    CrossRef  Google Scholar 

  11. Riegler, M., Sametinger, J., Vierhauser, M., Wimmer, M.: Automatic mode switching based on security vulnerability scores. In: Submitted for Publication (2021)

    Google Scholar 

  12. Thompson, M., Mendolla, M., Muggler, M., Ike, M.: Dynamic application rotation environment for moving target defense. In: 2016 Resilience Week (RWS), pp. 17–26, August 2016. https://doi.org/10.1109/RWEEK.2016.7573301

  13. US Nuclear Regulatory Commission (NRC): Standard Technical Specifications - Operating and New Reactors - Current Versions (2019). https://www.nrc.gov/reactors/operating/licensing/techspecs/current-approved-sts.html

Download references

Acknowledgement

This work has partially been supported by the LIT Secure and Correct Systems Lab funded by the State of Upper Austria.

Author information

Authors and Affiliations

Authors

Corresponding authors

Correspondence to Michael Riegler or Johannes Sametinger .

Editor information

Editors and Affiliations

Rights and permissions

Reprints and Permissions

Copyright information

© 2021 Springer Nature Switzerland AG

About this paper

Verify currency and authenticity via CrossMark

Cite this paper

Riegler, M., Sametinger, J. (2021). Mode Switching for Secure Web Applications – A Juice Shop Case Scenario. In: , et al. Database and Expert Systems Applications - DEXA 2021 Workshops. DEXA 2021. Communications in Computer and Information Science, vol 1479. Springer, Cham. https://doi.org/10.1007/978-3-030-87101-7_1

Download citation

  • DOI: https://doi.org/10.1007/978-3-030-87101-7_1

  • Published:

  • Publisher Name: Springer, Cham

  • Print ISBN: 978-3-030-87100-0

  • Online ISBN: 978-3-030-87101-7

  • eBook Packages: Computer ScienceComputer Science (R0)