A method for identifying Web applications. Kozina, M., Golub, M., & Gros, S. INTERNATIONAL JOURNAL OF INFORMATION SECURITY, 8(6):455–467, December, 2009. Place: 233 SPRING ST, NEW YORK, NY 10013 USA Publisher: SPRINGER Type: Article
Web applications are ubiquitous in today's businesses. The security of these applications is of utmost importance since security breaches might negatively impact good reputation, and even result in bankruptcy. There are different methods of assessing security of Web applications, mainly based on some automated method of scanning. One type of scan method feeds random data to the application and monitors its behavior. The other type uses a database with predefined vulnerabilities that are checked one by one until either a vulnerability is found, or it can be claimed that the application does not have any known vulnerabilities. The important step in latter type of scan process is the identification of the application since in this case we are narrowing number of checks and, as a consequence, the scan process is faster. This paper describes a method for Web application identification based on a black box principle. Our method is based on the invariance of certain characteristics of Web applications. We experimentally tested and confirmed the usefulness of this approach.
@article{kozina_method_2009,
title = {A method for identifying {Web} applications},
volume = {8},
issn = {1615-5262},
doi = {10.1007/s10207-009-0092-3},
abstract = {Web applications are ubiquitous in today's businesses. The security of these applications is of utmost importance since security breaches might negatively impact good reputation, and even result in bankruptcy. There are different methods of assessing security of Web applications, mainly based on some automated method of scanning. One type of scan method feeds random data to the application and monitors its behavior. The other type uses a database with predefined vulnerabilities that are checked one by one until either a vulnerability is found, or it can be claimed that the application does not have any known vulnerabilities. The important step in latter type of scan process is the identification of the application since in this case we are narrowing number of checks and, as a consequence, the scan process is faster. This paper describes a method for Web application identification based on a black box principle. Our method is based on the invariance of certain characteristics of Web applications. We experimentally tested and confirmed the usefulness of this approach.},
language = {English},
number = {6},
journal = {INTERNATIONAL JOURNAL OF INFORMATION SECURITY},
author = {Kozina, Mario and Golub, Marin and Gros, Stjepan},
month = dec,
year = {2009},
note = {Place: 233 SPRING ST, NEW YORK, NY 10013 USA
Publisher: SPRINGER
Type: Article},
keywords = {Fingerprinting, Web application identification, Web security},
pages = {455--467},
}
{"_id":"re5D8m4EAgxhTdLP8","bibbaseid":"kozina-golub-gros-amethodforidentifyingwebapplications-2009","author_short":["Kozina, M.","Golub, M.","Gros, S."],"bibdata":{"bibtype":"article","type":"article","title":"A method for identifying Web applications","volume":"8","issn":"1615-5262","doi":"10.1007/s10207-009-0092-3","abstract":"Web applications are ubiquitous in today's businesses. The security of these applications is of utmost importance since security breaches might negatively impact good reputation, and even result in bankruptcy. There are different methods of assessing security of Web applications, mainly based on some automated method of scanning. One type of scan method feeds random data to the application and monitors its behavior. The other type uses a database with predefined vulnerabilities that are checked one by one until either a vulnerability is found, or it can be claimed that the application does not have any known vulnerabilities. The important step in latter type of scan process is the identification of the application since in this case we are narrowing number of checks and, as a consequence, the scan process is faster. This paper describes a method for Web application identification based on a black box principle. Our method is based on the invariance of certain characteristics of Web applications. 
We experimentally tested and confirmed the usefulness of this approach.","language":"English","number":"6","journal":"INTERNATIONAL JOURNAL OF INFORMATION SECURITY","author":[{"propositions":[],"lastnames":["Kozina"],"firstnames":["Mario"],"suffixes":[]},{"propositions":[],"lastnames":["Golub"],"firstnames":["Marin"],"suffixes":[]},{"propositions":[],"lastnames":["Gros"],"firstnames":["Stjepan"],"suffixes":[]}],"month":"December","year":"2009","note":"Place: 233 SPRING ST, NEW YORK, NY 10013 USA Publisher: SPRINGER Type: Article","keywords":"Fingerprinting, Web application identification, Web security","pages":"455–467","bibtex":"@article{kozina_method_2009,\n\ttitle = {A method for identifying {Web} applications},\n\tvolume = {8},\n\tissn = {1615-5262},\n\tdoi = {10.1007/s10207-009-0092-3},\n\tabstract = {Web applications are ubiquitous in today's businesses. The security of these applications is of utmost importance since security breaches might negatively impact good reputation, and even result in bankruptcy. There are different methods of assessing security of Web applications, mainly based on some automated method of scanning. One type of scan method feeds random data to the application and monitors its behavior. The other type uses a database with predefined vulnerabilities that are checked one by one until either a vulnerability is found, or it can be claimed that the application does not have any known vulnerabilities. The important step in latter type of scan process is the identification of the application since in this case we are narrowing number of checks and, as a consequence, the scan process is faster. This paper describes a method for Web application identification based on a black box principle. Our method is based on the invariance of certain characteristics of Web applications. 
We experimentally tested and confirmed the usefulness of this approach.},\n\tlanguage = {English},\n\tnumber = {6},\n\tjournal = {INTERNATIONAL JOURNAL OF INFORMATION SECURITY},\n\tauthor = {Kozina, Mario and Golub, Marin and Gros, Stjepan},\n\tmonth = dec,\n\tyear = {2009},\n\tnote = {Place: 233 SPRING ST, NEW YORK, NY 10013 USA\nPublisher: SPRINGER\nType: Article},\n\tkeywords = {Fingerprinting, Web application identification, Web security},\n\tpages = {455--467},\n}\n\n","author_short":["Kozina, M.","Golub, M.","Gros, S."],"key":"kozina_method_2009","id":"kozina_method_2009","bibbaseid":"kozina-golub-gros-amethodforidentifyingwebapplications-2009","role":"author","urls":{},"keyword":["Fingerprinting","Web application identification","Web security"],"metadata":{"authorlinks":{}}},"bibtype":"article","biburl":"https://api.zotero.org/users/9236419/collections/TICWC8TV/items?key=k9maWL2g0hAUJy36gj6RGSoc&format=bibtex&limit=100","dataSources":["DY3AeP9t2QujfB78L","MpTxM7aR49zFotABd","qvHFkZEifSosh3FkP","82Ma9L9YWhqZas836"],"keywords":["fingerprinting","web application identification","web security"],"search_terms":["method","identifying","web","applications","kozina","golub","gros"],"title":"A method for identifying Web applications","year":2009}