Accession Number:

AD1034023

Title:

A Study of Gaps in Defensive Countermeasures for Web Security

Descriptive Note:

Technical Report

Corporate Author:

MIT Lincoln Laboratory Lexington United States

Report Date:

2015-10-18

Pagination or Media Count:

50.0

Abstract:

Web-based attacks are a prominent class of cyber attacks in today's networks. They are attacks that violate the security properties of web servers, web applications, web portals, web browsers, and web services. They can damage confidentiality, integrity, and availability of systems and networks and pose a significant threat to both systems connected to open, public networks (i.e., the Internet) and those that reside on closed, private networks. In their impact and sophistication, web-based attacks are on par with host-based attacks. Most web-based attacks are a form of the confused deputy problem, in which one party is fooled about the identity or authority of another party. Virtually all web-based attacks are also a form of input validation problem, where the target fails to properly check a potentially malicious, user-provided input.

Subject Categories:

  • Computer Systems

Distribution Statement:

APPROVED FOR PUBLIC RELEASE