Web and Web Security

Web services are self-contained modular applications that provide a computation upon request. These services can be described, published, located, and invoked over a network, generally over the Internet. However, intranets, extranets, and LANs can also be used. as well. In using web services for its information systems needs, a firm may open access to its information assets. This action can become an attractive target for malicious hackers, industrial espionage, and fraud. The assurance of security of web services is necessary for a firm to be willing to adopt the web services technology as a means of running its information system

Design and evaluation of a learning environment to effectively provide network security skills

Information system security and network security are topics of increasing importance in the information society. They are also topics where the adequate education of professionals requires the use of specific laboratory environments where the practical aspects of the discipline may be addressed. However, most approaches currently used are excessively static and lack the flexibility that the education requirements of security professionals demand. In this paper we present NEMESIS, a scenario generation framework for education on system and network security, which is based on virtualization technologies and has been designed to be open, distributed, modular, scalable and flexible. Finally, an example scenario is described and some results validating the benefits of its use in undergraduate computer security courses are shown.La seguridad de redes y sistemas de información es un área de importancia creciente en el ámbito de la sociedad de información. Además, constituye un tema en el que la adecuada formación de profesionales exige el uso de entornos de laboratorio específicos en los que abordar los aspectos prácticas de la disciplina. Sin embargo, la mayoría de las aproximación usadas en la actualidad son excesivamente estáticas y carecen de la flexibilidad que las exigencias de la formación de profesionales de seguridad imponente. En este artículo, presentamos NEMESIS, un entorno para la generación de escenarios para la formación en seguridad de redes y sistemas, basado en tecnologías de virtualización que ha sido diseñado para ser abierto, distribuido, modular, escalable y flexible. Finalmente, se describe un escenario de ejemplo y se muestran resultados que validan los beneficios de su uso en cursos de seguridad informática de grad

Design and evaluation of a learning environment to effectively provide network security skills

Information system security and network security are topics of increasing importance in the information society. They are also topics where the adequate education of professionals requires the use of specific laboratory environments where the practical aspects of the discipline may be addressed. However, most approaches currently used are excessively static and lack the flexibility that the education requirements of security professionals demand. In this paper we present NEMESIS, a scenario generation framework for education on system and network security, which is based on virtualization technologies and has been designed to be open, distributed, modular, scalable and flexible. Finally, an example scenario is described and some results validating the benefits of its use in undergraduate computer security courses are shown.La seguridad de redes y sistemas de información es un área de importancia creciente en el ámbito de la sociedad de información. Además, constituye un tema en el que la adecuada formación de profesionales exige el uso de entornos de laboratorio específicos en los que abordar los aspectos prácticas de la disciplina. Sin embargo, la mayoría de las aproximación usadas en la actualidad son excesivamente estáticas y carecen de la flexibilidad que las exigencias de la formación de profesionales de seguridad imponente. En este artículo, presentamos NEMESIS, un entorno para la generación de escenarios para la formación en seguridad de redes y sistemas, basado en tecnologías de virtualización que ha sido diseñado para ser abierto, distribuido, modular, escalable y flexible. Finalmente, se describe un escenario de ejemplo y se muestran resultados que validan los beneficios de su uso en cursos de seguridad informática de grad

A survey of denial-of-service and distributed denial of service attacks and defenses in cloud computing

Cloud Computing is a computingmodel that allows ubiquitous, convenient and on-demand access to a shared pool of highly configurable resources (e.g., networks, servers, storage, applications and services). Denial-of-Service (DoS) and Distributed Denial-of-Service (DDoS) attacks are serious threats to the Cloud services’ availability due to numerous new vulnerabilities introduced by the nature of the Cloud, such as multi-tenancy and resource sharing. In this paper, new types of DoS and DDoS attacks in Cloud Computing are explored, especially the XML-DoS and HTTP-DoS attacks, and some possible detection and mitigation techniques are examined. This survey also provides an overview of the existing defense solutions and investigates the experiments and metrics that are usually designed and used to evaluate their performance, which is helpful for the future research in the domain