Please use this identifier to cite or link to this item: https://rda.sliit.lk/handle/123456789/1726
Title: E-commerce (WEB) Application security: Defense against Reconnaissance
Authors: Perera, A. C
Kesavan, K
Bannakkotuwa, S. V
Liyanapathirana, C
Rupasinghe, L
Keywords: E-commerce
(WEB) Application Security
Defense against
Reconnaissance
Issue Date: 8-Dec-2016
Publisher: IEEE
Citation: A. C. Perera, K. Kesavan, S. V. Bannakkotuwa, C. Liyanapathirana and L. Rupasinghe, "E-commerce (WEB) Application Security: Defense against Reconnaissance," 2016 IEEE International Conference on Computer and Information Technology (CIT), 2016, pp. 732-742, doi: 10.1109/CIT.2016.105.
Series/Report no.: 2016 IEEE International Conference on Computer and Information Technology (CIT);Pages 732-742
Abstract: Intrusion Detection/prevention Systems and web application firewalls provide important layer(s) of security for web applications. Even though they are well configured and maintained continually with latest attack signatures and profiles, they often fail when it comes to reconnaissance because the requests of reconnaissance to the web server often take a form of legitimate requests and they are unpredictable. Addition of signatures of reconnaissance or learning legitimate request patterns used to identify reconnaissance are practically infeasible because of the time, resource and performance issues. On the other hand IDS, IPS and WAFs prioritize "attacks" over the "reconnaissance" - thus, it always tends to consider most of the reconnaissance as "events" not "incidents" which enables the adversaries to have a good understanding/profile of the web applications. The goal of this research is to analyze the reconnaissance patterns which can bypass security layers such as IDS/IPS or WAF and providing a solution which can handle the reconnaissance without hindering the performance of the application. The proposed solution is demonstrated as a plugin for a known PHP framework.
URI: http://rda.sliit.lk/handle/123456789/1726
ISBN: 978-1-5090-4314-9
Appears in Collections:Research Papers - Dept of Computer Systems Engineering
Research Papers - IEEE
Research Papers - SLIIT Staff Publications

Files in This Item:
File Description SizeFormat 
E-commerce_WEB_Application_Security_Defense_against_Reconnaissance.pdf
  Until 2050-12-31
1.01 MBAdobe PDFView/Open Request a copy


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.