Analysis of the Australian web threat landscape

One in approximately eight Australian IPs are exposed to one or more web threats on any typical day, finds this report released by an Australian Research Council (ARC) Linkage Project involving Trend Micro and Deakin University. The researchers’ analysed malicious activity from over 200,000,000 web requests per day from Australia, with around 400,000 of these issued to malicious web pages.Abstract This report discusses threats on the Australian web landscape. We analyse web logs and provide statistics on what is happening to the average Australian user of the world-wide web. The analysis covers aspects such as the volume and timing of web threats attacking Australians and the source geography of the malicious activity. We look at a case study of a web attack that had global reach and describe the impact of this attack on Australian web users

Threat Modelling for Active Directory

This paper analyses the security threats that can arise against an Active Directory server when it is included in a Web application. The approach is based on the STRIDE classification methodology. The paper also provides outline descriptions of countermeasures that can be deployed to protect against the different threats and vulnerabilities identified here

Analyse the risks of ad hoc programming in web development and develop a metrics of appropriate tools

Today the World Wide Web has become one of the most powerful tools for business promotion and social networking. As the use of websites and web applications to promote the businesses has increased drastically over the past few years, the complexity of managing them and protecting them from security threats has become a complicated task for the organizations. On the other hand, most of the web projects are at risk and less secure due to lack of quality programming. Although there are plenty of frameworks available for free in the market to improve the quality of programming, most of the programmers use ad hoc programming rather than using frameworks which could save their time and repeated work. The research identifies the different frameworks in PHP and .NET programming, and evaluates their benefits and drawbacks in the web application development. The research aims to help web development companies to minimize the risks involved in developing large web projects and develop a metrics of appropriate frameworks to be used for the specific projects. The study examined the way web applications were developed in different software companies and the advantages of using frameworks while developing them. The findings of the results show that it was not only the experience of developers that motivated them to use frameworks. The major conclusions and recommendations drawn from this research were that the main reasons behind web developers avoiding frameworks are that they are difficult to learn and implement. Also, the motivations factors for programmers towards using frameworks were self-efficiency, habit of learning new things and awareness about the benefits of frameworks. The research recommended companies to use appropriate frameworks to protect their projects against security threats like SQL injection and RSS injectio

The zombies strike back: Towards client-side beef detection

A web browser is an application that comes bundled with every consumer operating system, including both desktop and mobile platforms. A modern web browser is complex software that has access to system-level features, includes various plugins and requires the availability of an Internet connection. Like any multifaceted software products, web browsers are prone to numerous vulnerabilities. Exploitation of these vulnerabilities can result in destructive consequences ranging from identity theft to network infrastructure damage. BeEF, the Browser Exploitation Framework, allows taking advantage of these vulnerabilities to launch a diverse range of readily available attacks from within the browser context. Existing defensive approaches aimed at hardening network perimeters and detecting common threats based on traffic analysis have not been found successful in the context of BeEF detection. This paper presents a proof-of-concept approach to BeEF detection in its own operating environment – the web browser – based on global context monitoring, abstract syntax tree fingerprinting and real-time network traffic analysis

Access Control to Prevent Attacks Exploiting Vulnerabilities of WebView in Android OS

Android applications that using WebView can load and display web pages. Furthermore, by using the APIs provided in WebView, Android applications can interact with web pages. The interaction allows JavaScript code within the web pages to access resources on the Android device by using the Java object, which is registered into WebView. If this WebView feature were exploited by an attacker, JavaScript code could be used to launch attacks, such as stealing from or tampering personal information in the device. To address these threats, we propose a method that performs access control on the security-sensitive APIs at the Java object level. The proposed method uses static analysis to identify these security-sensitive APIs, detects threats at runtime, and notifies the user if threats are detected, thereby preventing attacks from web pages

Some Potential Issues with the Security of HTML5 IndexedDB

The new HTML5 standard provides much more access to client resources, such as user location and local data storage. Unfortunately, this greater access may create new security risks that potentially can yield new threats to user privacy and web attacks. One of these security risks lies with the HTML5 client-side database. It appears that data stored on the client file system is unencrypted. Therefore, any stored data might be at risk of exposure. This paper explains and performs a security investigation into how the data is stored on client local file systems. The investigation was undertaken using Firefox and Chrome web browsers, and Encase (a computer forensic tool), was used to examine the stored data. This paper describes how the data can be retrieved after an application deletes the client side database. Finally, based on our findings, we propose a solution to correct any potential issues and security risks, and recommend ways to store data securely on local file systems