Evaluating the [In]security of Web Applications

The web is a war zone! We cannot escape from it, we are not even soldiers and no one can assure our safety. Surprisingly, almost nobody seems to care: the only thing that matters is to have a presence in the web to communicate with partners and do business. Security issues have cascading effects within enterprises, with dramatic consequences to the dependability of the services they should provide, and it may irreversibly affect the company competitiveness, brand, partners and clients. To deal with this problem, this book is directed towards the evaluation of web application security mechanisms. It presents a field study to analyze and classify a large number of the most important web application vulnerabilities that are SQL Injection and XSS. This field study allowed the proposal of a methodology to inject realistic vulnerabilities in web applications. And this ability turns out to be a critical part of an attack injector for web applications that is also proposed. This tool can be used to evaluate security mechanisms, pointing out their weaknesses and ways of improvement. In the book, one of such security mechanism is also proposed: an IDS for (web application) databases.

Autorentext

received his PhD in Informatics Engineering from the University of Coimbra in 2011 and teaches computer related courses in the Polytechnic Institute of Guarda since 1993. He is the author or co-author of more than a dozen of research papers. His research on vulnerability and attack injection was granted with the DSN's William Carter Award of 2009.