A Study of Gaps in Defensive Countermeasures for Web Security
MIT Lincoln Laboratory Lexington United States
Traditionally, simple defenses against web-based attacks, such as input sanitization, provide little protection against a motivated attacker with simple evasion capabilities and often have impractically high false positive and false negative rates. More effective defenses in this domain often either require significant modifications to servers and infrastructures, thus violating the federated model of such networks, or they impose high computational or operator overheads. As a result, the domain of web-based attacks requires significant research and development efforts to provide practical, effective defenses. In this report, we highlight some of the most important deployment challenges and gaps related to web-based defenses, which can be used to guide future research and development in this area.
- Computer Systems Management and Standards
- Computer Programming and Software