Reviewing effectivity in security approaches towards strengthening internet architecture

The usage of existing Internet architecture is shrouded by various security loopholes and hence is highly ineffective towards resisting potential threats over internet. Hence, it is claimed that future internet architecture has been evolved as a solution to address this security gaps of existing internet architecture. Therefore, this paper initiates its discussion by reviewing the existing practices of web security in conventional internet architecture and has also discussed about some recent solutions towards mitigating potentially reported threats e.g. cross-site scripting, SQL inject, and distributed denial-of-service. The paper has also discussed some of the recent research contribution towards security solution considering future internet architecture. The proposed manuscripts contributes to showcase the true effectiveness of existing approaches with respect to advantages and limitation of existing approaches along with explicit highlights of existing research problems that requires immediate attention

WIVET-benchmarking coverage qualities of web crawlers

WOS: 000397192400008Web application vulnerability scanners (WAVS) include crawler components to extract all accessible links of tested web pages in order to identify attack entry points and parameters. After extracting links, they perform different types of attacks over each extracted link and try to find out existing vulnerabilities in the tested web application for reporting. A WAVS tool that has a low-quality crawler component would generate false-negative results, since failing to discover existing links would inhibit detection of possible vulnerabilities exposed through these links. Therefore, the coverage quality of its crawler plays a very important role in the success of a WAVS tool. In this paper, we propose a novel method for analyzing and comparing coverage qualities of WAVS crawlers. We developed WIVET (Web Input Vector Extractor Teaser) as a benchmarking tool for analyzing crawler components of WAVS. WIVET evaluates WAVS crawlers based on their extraction capability of 56 target links that are generated statically or dynamically by WIVET's 21 test cases. We explain WIVET's architecture, all WIVET test cases and target links with code examples, integration of WIVET into WAVS development environments and WAVS benchmarking results in detail.TUBITAK, The Scientific and Technical Research Council of Turkey [BIDEB 2232, 114C104]TUBITAK, The Scientific and Technical Research Council of Turkey (grant BIDEB 2232, Project No.: 114C104)