GuruWS: A Hybrid Platform for Detecting Malicious Web Shells and Web Application Vulnerabilities

Le, Van-Giap; Nguyen, Huu-Tung; Pham, Duy-Phuc; Phung, Van-On; Nguyen, Ngoc-Hoa

doi:10.1007/978-3-662-58611-2_5

Cited by 10 publications

(6 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…In particular, MJDetector can distinguish JavaScipt assaults in current website pages with high precision 94.76% and de-jumble muddle code of explicit sorts with exactness 100% though the gauge strategy can just identify with exactness 81.16% and has no limit of deobscurity. The recent study proposes Le et al [96] E-THAPS which actualizes a novel discovery component, an improved SQL infusion, Cross-site Scripting, and helplessness identification capacities. For vindictive web shell identification, pollute examination, and example coordinating techniques are picked to be actualized in GuruWS.…”

Section: ) Discussionmentioning

confidence: 99%

See 1 more Smart Citation

A Survey on Detection and Prevention of Web Vulnerabilities

Noman¹,

Iqbal²,

Manzoor³

2020

IJACSA

View full text Add to dashboard Cite

The Internet provides a vast range of benefits to society and empowers the users in a variety of ways to use web applications. Simply, the internet has become the most transformative and fast-growing technology ever built, but it also brings new security challenges to web services in internet applications because of the scattered and open nature of the internet. A simple vulnerability in the program code could favor/benefit an attacker to obtain unauthorized access and perform adversary actions. Hence, the security of web applications from a hacking attempt is of paramount importance. This paper focuses on a literature survey recapitulating security solutions and major vulnerabilities to promote further research by systemizing the existing methods, on a bigger horizon. The data is collected from an absolute of 86 primary studies that are taken from well-known digital libraries. Different methods comprising secure programming, static, Dynamic, Hybrid analysis, and machine learning classify the data from articles. The quantity of references or the significance of a developing strategy is kept in account while selecting articles. Overall, our survey suggests that there is no way to alleviate all the web vulnerabilities therefore more studies is desirable in the area of web information security. All methods' complexity is addressed and some recommendations regarding when to use the application of given methods are provided. Finally, we typify the experience gained and examine future research openings in web application security.

show abstract

Section: ) Discussionmentioning

confidence: 99%

“…The challenge with hybrid analysis is that DAST relies on data being reflected in the browser, so if a SAST data flow is not reflected in the browser as a DAST issue. From the existing study, Le et al [96] and Stock et al [94] are useful approaches in hybrid Analysis. The methods of hybrid analysis are summarized year-wise shows in Fig.…”

Section: ) Discussionmentioning

confidence: 99%

A Survey on Detection and Prevention of Web Vulnerabilities

Noman¹,

Iqbal²,

Manzoor³

2020

IJACSA

View full text Add to dashboard Cite

show abstract

“…-This methodology in comparison to other proposals how [70][71][72][73][74], differs in the first place in that the necessary criteria that allow taking advantage of the coverage of static and dynamic analyzes as a whole are not defined, but rather, they use each One of these approaches separately, also do not establish a clear way of how to discern the results produced by tools, which generate many false positives. They also do not use the criteria for checking results manually.…”

Section: Rq5 How This Methodology Differs From Other Methodologies Th...mentioning

confidence: 99%

“…The method designed in [73] establishes the penetration testing mechanism (PenTesting). The work implemented in [74] designs an injection tool for SQLi and XSS, however its degree of coverage is very limited. The method designed in [72] uses analysis tools based on the Kali Linux Operating System.…”

Section: Rq5 How This Methodology Differs From Other Methodologies Th...mentioning

confidence: 99%

Hybrid Security AssessmentMethodology forWeb Applications

Correa¹,

Higuera²,

Higuera³

et al. 2021

Computer Modeling in Engineering &Amp; Sciences

View full text Add to dashboard Cite

This study presents a methodology to evaluate and prevent security vulnerabilities issues for web applications. The analysis process is based on the use of techniques and tools that allow to perform security assessments of white box and black box, to carry out the security validation of a web application in an agile and precise way. The objective of the methodology is to take advantage of the synergies of semi-automatic static and dynamic security analysis tools and manual checks. Each one of the phases contemplated in the methodology is supported by security analysis tools of different degrees of coverage, so that the results generated in one phase are used as feed for the following phases in order to get an optimized global security analysis result. The methodology can be used as part of other more general methodologies that do not cover how to use static and dynamic analysis tools in the implementation and testing phases of a Secure Software Development Life Cycle (SSDLC). A practical application of the methodology to analyze the security of a real web application demonstrates its effectiveness by obtaining a better optimized vulnerability detection result against the true and false positive metrics. Dynamic analysis with manual checking is used to audit the results, 24.6 per cent of security vulnerabilities reported by the static analysis has been checked and it allows to study which vulnerabilities can be directly exploited externally. This phase is very important because it permits that each reported vulnerability can be checked by a dynamic second tool to confirm whether a vulnerability is true or false positive and it allows to study which vulnerabilities can be directly exploited externally. Dynamic analysis finds six (6) additional critical vulnerabilities. Access control analysis finds other five (5) important vulnerabilities such as Insufficient Protected Passwords or Weak Password Policy and Excessive Authentication Attacks, two vulnerabilities that permit brute force attacks.

show abstract

“…Le et al [47,48] combined taint analysis and pattern matching to detect webshells. Taint analysis is performed to divide the code into tokens during the lexical analysis phase.…”

Section: Static Methodsmentioning

confidence: 99%

WTA: A Static Taint Analysis Framework for PHP Webshell

Zhao

Wang

et al. 2021

Applied Sciences

View full text Add to dashboard Cite

Webshells are a malicious scripts that can remotely control a webserver to execute arbitrary commands, steal sensitive files, and further invade the internal network. Existing webshell detection methods, such as using pattern matching for webshell detection, can be easily bypassed by attackers using the file include and user-defined functions. Furthermore, detecting unknown webshells has always been a problem in the field of webshell detection. In this paper, we propose a static webshell detection method based on taint analysis, which realizes accurate taint analysis based on ZendVM. We first converted the PHP code into Opline sequences, analyzed the Opline sequences in order, and marked the externally imported taint source. Then, the propagation of the taint variables was tracked, and the interprocedural analysis of the taint variables was performed. Finally, considering the dangerous functions’ call and the referencing of the taint variables at the point of the taint sink, we completed the webshell judgment. Based on this method, we constructed a taint analysis prototype system named WTA and evaluated it with a benchmark dataset by comparing its performance with popular webshell detection tools. The results showed that our method supports interprocedural analysis and has the ability to detect unknown webshells and that WTA’s performance surpasses well-known webshell detection tools such as D-shield, SHELLPUB, WebshellKiller, CloudWalker, ClamAV, LoKi, and findbot.pl.

show abstract

GuruWS: A Hybrid Platform for Detecting Malicious Web Shells and Web Application Vulnerabilities

Cited by 10 publications

References 9 publications

A Survey on Detection and Prevention of Web Vulnerabilities

A Survey on Detection and Prevention of Web Vulnerabilities

Hybrid Security AssessmentMethodology forWeb Applications

WTA: A Static Taint Analysis Framework for PHP Webshell

Contact Info

Product

Resources

About