The Web Attacker Perspective – A Field Study

Bibliographic Details
Main Author: Fonseca, José Martins
Publication Date: 2010
Document Type: conference object
Language: eng
Keywords: Security; Exploit; Vulnerability; Web application; Field study
Access: open access
Source: Repositórios Científicos de Acesso Aberto de Portugal (RCAAP)
Download full: http://hdl.handle.net/10314/2689
Summary: Web applications are a fundamental pillar of today’s globalized world. Society depends and relies on them for business and daily life. However, web applications are under constant attack by hackers that exploit their vulnerabilities to access valuable assets and disrupt business. Many studies and reports on web application security problems analyze the victim’s perspective by detailing the vulnerabilities publicly disclosed. In this paper we present a field study on the attacker’s perspective by looking at over 300 real exploits used by hackers to attack web applications. Results show that SQL injection and Remote File Inclusion are the two most frequently used exploits and that hackers prefer easier rather than complicated attack techniques. Exploit and vulnerability data are also correlated to show that, although there are many types of vulnerabilities out there, only few are interesting enough for attackers to obtain what they want the most: root shell access and admin passwords.