Security control for website defacement

Oscar Mondragón, Andrés Felipe Mera Arcos, Christian Urcuqui, Andrés Navarro Cadavid

Abstract


Cyber-attacks on websites are increasing steadily and affect the integrity and availability of information, so safeguards are needed to mitigate the resulting risks or reduce them to acceptable levels. Computer incidents have economic and reputational impacts on organizations. An increase in computer attacks on different organizations has been identified; one of them, with a high reputational impact, is the “defacement” attack, which consists of the unauthorized modification or alteration of websites and affects the integrity of information. This article proposes a model for establishing a security control that contains and reports this type of attack, which has currently focused on the websites of government entities. The model controls attacks on websites online by constantly reading certain parts of the source code, which enables detection and maintains the integrity of the information.
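One way to implement the abstract's idea of reading certain parts of a page's source to detect modification, as an added example that is not the authors' model or code. It assumes the protected parts are the `<title>` and elements selected by `id`, compared by SHA-256 against a trusted baseline; all names and sample pages are hypothetical.

```python
import hashlib
from html.parser import HTMLParser

class RegionExtractor(HTMLParser):
    """Collect the text of <title> and of every element whose id is watched."""
    def __init__(self, watched_ids):
        super().__init__(convert_charrefs=True)
        self.watched = set(watched_ids)
        self.regions = {}   # region name -> list of text chunks
        self.stack = []     # (tag, region name or None) per open element

    def handle_starttag(self, tag, attrs):
        if tag in ("br", "hr", "img", "input", "link", "meta"):  # void: never closed
            return
        ident = dict(attrs).get("id")
        name = "title" if tag == "title" else ident if ident in self.watched else None
        if name:
            self.regions.setdefault(name, [])
        self.stack.append((tag, name))

    def handle_endtag(self, tag):
        for i in range(len(self.stack) - 1, -1, -1):  # tolerate unclosed children
            if self.stack[i][0] == tag:
                del self.stack[i:]
                break

    def handle_data(self, data):
        for name in {n for _, n in self.stack if n}:  # every enclosing watched region
            self.regions[name].append(data)

def fingerprint(html, watched_ids):
    """Map each region to the SHA-256 of its whitespace-normalised text (None if absent)."""
    parser = RegionExtractor(watched_ids)
    parser.feed(html)
    parser.close()
    text = {n: " ".join("".join(c).split()) for n, c in parser.regions.items()}
    return {n: hashlib.sha256(text[n].encode()).hexdigest() if n in text else None
            for n in ["title", *watched_ids]}

def changed_regions(baseline, current):
    """Names of regions whose hash no longer matches the trusted baseline."""
    return sorted(n for n in baseline if baseline[n] != current.get(n))

# Constructed sample pages; WATCHED lists the (assumed) ids of the protected parts.
WATCHED = ["header", "footer"]
GOOD = ('<html><head><title>City Council</title></head><body><div id="header">'
        '<h1>City Council</h1></div><div id="news">Budget vote Friday</div>'
        '<div id="footer">Contact: info@example.org</div></body></html>')
DEFACED = GOOD.replace("City Council", "Owned").replace('id="footer"', 'id="x"')
```

Hashing only the watched regions lets routine edits elsewhere on the page (the `news` block here) pass without an alert, while a changed or missing protected region is reported by name.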

Keywords


Defacement; web application; security; vulnerability; web security; integrity.






DOI: http://dx.doi.org/10.18046/syt.v15i41.2442
