Profile based Web Application Attack Detection and Filtering Method
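Yun Young-Tae (National Security Research Institute)
Ryou Jae-Cheol (Chungnam National University, Division of Information and Communication Engineering)
Park Sang-Seo (National Security Research Institute)
Park Jong-Wook (National Security Research Institute)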
1 | zeroboard, http://www.zeroboard.com
2 | TeleportPro, http://www.tenmax.com/telport/pro/home.htm
3 | Awstats, http://www.awstats.org
4 | phpBB, http://www.phpbb.com
5 | CrazyWebBoard, http://www.crazywebboard.com
6 | Sverre H. Huseby, 'Common Security Problems in the Code of Dynamic Web Applications', Web Application Security Consortium (www.webappsec.org), June, 2005
7 | Gentoo Linux Security Advisory, http://www.gentoo.org
8 | BugTraq, http://www.securityfocus.com/archive/1
9 | Mark Curphey, David Endler, 'A Guide to Building Secure Web Applications', OWASP, Sep., 2002
10 | Robert Auger, Ryan Barnett, 'Web Application Security Consortium: Threat Classification Version 1.0', Web Application Security Consortium (www.webappsec.org), 2004
11 | Ory Segal, 'Web Application Forensics: The Uncharted Territory', SANCTUM, 2002
12 | Shreeraj Shah, 'Defending Web Services using Mod Security(Apache)', NetSquare, 2004
13 | http://www.theregister.co.uk/2004/12/21/santy_worm/
14 | Mark Curphey, Joel Scambray, Erik Olson, 'Improving Web Application Security: Threats and Countermeasures', Microsoft Corporation, 2003
15 | Michael Benedikt, Juliana Freire, Patrice Godefroid, 'VeriWeb: Automatically Testing Dynamic Web Sites', Proc. of the World Wide Web Conference, 2002
16 | Ivan Ristic, 'Web Intrusion Detection with Mod_Security', OWASP AppSec Europe, 2005
17 | Y. W. Huang et al., 'Securing Web Application Code by Static Analysis and Runtime Protection', Proc. of the World Wide Web Conference, May, 2004
18 | Scott, D., Sharp, R., 'Abstracting Application-Level Web Security', Proc. of the World Wide Web Conference, 2002
19 | Christopher Kruegel, Giovanni Vigna, William Robertson, 'A multi-model approach to the detection of web-based attacks', Computer Networks, Vol.48, No.5, pp.717-738, August, 2005
20 | Jeffry R. Williams et al., 'The Ten Most Critical Web Application Security Vulnerabilities', OWASP, 2004
21 | http://isc.sans.org/diary.php?date=2005-11-05