Abstract
The tremendous growth of web-based applications has increased information security vulnerabilities over the Internet. The threat landscape of application security is constantly evolving (see CVE [1] published reports [2]). The key factors in this evolution are the progress made by attackers, the emergence of new technologies with new weaknesses, more integrated defenses, and the deployment of increasingly complex systems. The goal of our contribution is to build a common model of the most famous and dangerous web attacks, which will allow us to better understand those attacks and hence adopt the security strategy best suited to a given business and technical environment. This modeling can also be useful for the problem of evaluating intrusion detection systems. We relied on the OWASP Top 10 classification of the most recent critical web attacks [3], and at the end of this paper we deduce a global model of all these attacks.
References
CVE: Common Vulnerabilities and Exposures (CVE), Cve.mitre.org (2017). http://cve.mitre.org/. Accessed 10 June 2017
Vulnerability distribution of CVE security vulnerabilities by types, Cvedetails.com (2017). https://www.cvedetails.com/vulnerabilities-by-types.php. Accessed 10 June 2017
Top 10 2013-Top 10-OWASP, Owasp.org (2017). https://www.owasp.org/index.php/Top_10_2013-Top_10. Accessed 10 June 2017
OWASP, Owasp.org (2017). https://www.owasp.org/index.php/Main_Page. Accessed 10 June 2017
Abou El Kalam, A., Gad El Rab, M., Deswarte, Y.: A model-driven approach for experimental evaluation of intrusion detection systems. Secur. Commun. Netw. 7(11), 1955–1973 (2013, in press)
Ayachi, Y., Rahmoune, N., Ettifouri, E., Berrich, J., Bouchentouf, T.: Setting up a self-learning IDS based on Markov chains theory. In: 2016 5th International Conference on Multimedia Computing and Systems (ICMCS) (2016, in press)
The MITRE Corporation, Mitre.org (2017). https://www.mitre.org/. Accessed 10 June 2017
Official PCI Security Standards Council Site - Verify PCI Compliance, Download Data Security and Credit Card Security Standards, Pcisecuritystandards.org (2017). https://www.pcisecuritystandards.org/. Accessed 10 June 2017
Defense Information Systems Agency, Disa.mil (2017). http://www.disa.mil/. Accessed 10 June 2017
Federal Trade Commission: Federal Trade Commission (2017). https://www.ftc.gov. Accessed 10 June 2017
Ettifouri, E.H., Rhouati, A., Dahhane, W., Bouchentouf, T.: ZeroCouplage framework: a framework for multi-supports applications (web, mobile and desktop). In: El Oualkadi A., Choubani F., El Moussati A. (eds.) Proceedings of the Mediterranean Conference on Information & Communication Technologies 2015. LNEE, vol 381. Springer, Cham (2016)
Ayachi, Y., Rahmoune, N., Ettifouri, E., Berrich, J., Bouchentouf, T.: Detecting website vulnerabilities based on Markov chains theory. In: 2016 5th International Conference on Multimedia Computing and Systems (ICMCS) (2016, in press)
Copyright information
© 2019 Springer Nature Switzerland AG
About this paper
Cite this paper
Ayachi, Y., Ettifouri, E.H., Berrich, J., Toumi, B. (2019). Modeling the OWASP Most Critical WEB Attacks. In: Rocha, Á., Serrhini, M. (eds) Information Systems and Technologies to Support Learning. EMENA-ISTL 2018. Smart Innovation, Systems and Technologies, vol 111. Springer, Cham. https://doi.org/10.1007/978-3-030-03577-8_49
DOI: https://doi.org/10.1007/978-3-030-03577-8_49
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-03576-1
Online ISBN: 978-3-030-03577-8
eBook Packages: Intelligent Technologies and Robotics (R0)