1. SLIIT RDA
  2. SLIIT Staff Publications
  3. Faculty of Computing
  4. Department of Computer systems Engineering
  5. Research Papers - SLIIT Staff Publications
Please use this identifier to cite or link to this item: https://rda.sliit.lk/handle/123456789/1726
Full metadata record
DC FieldValueLanguage
dc.contributor.authorPerera, A. C-
dc.contributor.authorKesavan, K-
dc.contributor.authorBannakkotuwa, S. V-
dc.contributor.authorLiyanapathirana, C-
dc.contributor.authorRupasinghe, L-
dc.date.accessioned2022-03-18T08:30:13Z-
dc.date.available2022-03-18T08:30:13Z-
dc.date.issued2016-12-08-
dc.identifier.citationA. C. Perera, K. Kesavan, S. V. Bannakkotuwa, C. Liyanapathirana and L. Rupasinghe, "E-commerce (WEB) Application Security: Defense against Reconnaissance," 2016 IEEE International Conference on Computer and Information Technology (CIT), 2016, pp. 732-742, doi: 10.1109/CIT.2016.105.en_US
dc.identifier.isbn978-1-5090-4314-9-
dc.identifier.urihttp://rda.sliit.lk/handle/123456789/1726-
dc.description.abstractIntrusion Detection/prevention Systems and web application firewalls provide important layer(s) of security for web applications. Even though they are well configured and maintained continually with latest attack signatures and profiles, they often fail when it comes to reconnaissance because the requests of reconnaissance to the web server often take a form of legitimate requests and they are unpredictable. Addition of signatures of reconnaissance or learning legitimate request patterns used to identify reconnaissance are practically infeasible because of the time, resource and performance issues. On the other hand IDS, IPS and WAFs prioritize "attacks" over the "reconnaissance" - thus, it always tends to consider most of the reconnaissance as "events" not "incidents" which enables the adversaries to have a good understanding/profile of the web applications. The goal of this research is to analyze the reconnaissance patterns which can bypass security layers such as IDS/IPS or WAF and providing a solution which can handle the reconnaissance without hindering the performance of the application. The proposed solution is demonstrated as a plugin for a known PHP framework.en_US
dc.language.isoenen_US
dc.publisherIEEEen_US
dc.relation.ispartofseries2016 IEEE International Conference on Computer and Information Technology (CIT);Pages 732-742-
dc.subjectE-commerceen_US
dc.subject(WEB) Application Securityen_US
dc.subjectDefense againsten_US
dc.subjectReconnaissanceen_US
dc.titleE-commerce (WEB) Application security: Defense against Reconnaissanceen_US
dc.typeArticleen_US
dc.identifier.doi10.1109/CIT.2016.105en_US
Appears in Collections:Research Papers - Dept of Computer Systems Engineering
Research Papers - IEEE
Research Papers - SLIIT Staff Publications

Files in This Item:
File Description SizeFormat 
E-commerce_WEB_Application_Security_Defense_against_Reconnaissance.pdf
  Until 2050-12-31		1.01 MBAdobe PDFView/Open Request a copy
Show simple item record


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.