The Cyber Threats Analysis for Web Applications Security in Industry 4.0

Sołtysik-Piorunkiewicz, Anna; Krysiak, Monika

doi:10.1007/978-3-030-40417-8_8

Cited by 10 publications

(9 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Modern industry is integrated with the Internet by Web applications, used for customer rights management, products online monitoring, and updating or implementing supply chains. Such applications are gateways for different attacks, annually reported by OWASP, NIST, or MITRE [55]. The spectrum of most frequent threats involved in using web applications evolves in time, extending beyond a set of about 30 methods [56].…”

Section: ) Threats and Vulnerabilitiesmentioning

confidence: 99%

Verticals in 5G MEC-Use Cases and Security Challenges

et al. 2021

View full text Add to dashboard Cite

5G is the fifth-generation cellular network satisfying the requirements IMT-2020 (International Mobile Telecommunications-2020) of the International Telecommunication Union. Mobile network operators started using it worldwide in 2019. Generally, 5G achieves exceptionally high values of performance parameters of access and transmission. The application of edge servers facilitated the implementation of such requirements of 5G, which resulted in 5G MEC (Multi-access Edge Computing) technology. Moreover, to optimize services for specific business applications, the concept of 5G vertical industries has been proposed. In this paper, we study how the application of the MEC technology affects the functioning of 5G MEC-based services. We consider twelve representative vertical industries of 5G MEC by presenting their essential characteristics, threats, vulnerabilities, and known attacks. Next, we analyze their functional properties, give efficiency patterns and identify the effect of applying the MEC technology in 5G on the resultant network's quality parameters to identify the expected security requirements. Finally, we identify the impact of classified threats on the 5G empowered vertical industries and identify the most sensitive cases to focus on their protection against network attacks in the first place.

show abstract

Section: ) Threats and Vulnerabilitiesmentioning

confidence: 99%

Verticals in 5G MEC-Use Cases and Security Challenges

et al. 2021

View full text Add to dashboard Cite

show abstract

“…According to [ 25 ] improper authentication allows malicious users to access sensitive data through dictionary, birthday and brute force attacks focused on in [ 75 , 76 ]. Dictionary attacks are only possible due to the improper setup of authentication, allowing attackers to perform countless login tries with every word from a word list.…”

Section: Review Of Selected Studiesmentioning

confidence: 99%

“…Vulnerabilities related to web services and applications are usually associated with coding errors that enable destructive or non-destructive attacks. Vulnerabilities that allow malicious users to execute unwanted scripts [25], such as Insecure Deserialization, XML External Entities (XXE), Cross-site Request Forgery (CSRF), Cross-site Scripting (XSS) and SQL Injection in a web application are the most common. Insecure Deserialization occurs when user-controllable data are deserialized by a website, allowing attackers to manipulate serialized objects to pass harmful data to the application code.…”

Section: Web Applicationmentioning

confidence: 99%

A Review of Attacks, Vulnerabilities, and Defenses in Industry 4.0 with New Challenges on Data Sovereignty Ahead

Pedreira

Barros

Pinto

2021

Sensors

View full text Add to dashboard Cite

The concepts brought by Industry 4.0 have been explored and gradually applied.The cybersecurity impacts on the progress of Industry 4.0 implementations and their interactions with other technologies require constant surveillance, and it is important to forecast cybersecurity-related challenges and trends to prevent and mitigate these impacts. The contributions of this paper are as follows: (1) it presents the results of a systematic review of industry 4.0 regarding attacks, vulnerabilities and defense strategies, (2) it details and classifies the attacks, vulnerabilities and defenses mechanisms, and (3) it presents a discussion of recent challenges and trends regarding cybersecurity-related areas for Industry 4.0. From the systematic review, regarding the attacks, the results show that most attacks are carried out on the network layer, where dos-related and mitm attacks are the most prevalent ones. Regarding vulnerabilities, security flaws in services and source code, and incorrect validations in authentication procedures are highlighted. These are vulnerabilities that can be exploited by dos attacks and buffer overflows in industrial devices and networks. Regarding defense strategies, Blockchain is presented as one of the most relevant technologies under study in terms of defense mechanisms, thanks to its ability to be used in a variety of solutions, from Intrusion Detection Systems to the prevention of Distributed dos attacks, and most defense strategies are presented as an after-attack solution or prevention, in the sense that the defense mechanisms are only placed or thought, only after the harm has been done, and not as a mitigation strategy to prevent the cyberattack. Concerning challenges and trends, the review shows that digital sovereignty, cyber sovereignty, and data sovereignty are recent topics being explored by researchers within the Industry 4.0 scope, and GAIA-X and International Data Spaces are recent initiatives regarding data sovereignty. A discussion of trends is provided, and future challenges are pointed out.

show abstract

“…The OWASP Top Ten project brings together the most important vulnerability categories. There are several works that confirm web applications tested did not pass the OWASP Top Ten project [2][3][4]. Web applications in organizations and companies connected through the Internet and Intranets imply that they are used to develop any type of business, but at the same time they have become a valuable target of a great variety of attacks by exploiting the design, implementation or operation vulnerabilities, included in the OWASP Top Ten project, to obtain some type of economic advantage, privileged information, denial, extortion, etc.…”

Section: Web Applications Securitymentioning

confidence: 99%

“…Taking into account statistics of security vulnerabilities reported by several studies [2][3][4], the most adequate test bench for using SAST, DAST and IAST tools is OWASP benchmark project [14]. This benchmark is an open source web application in Java language deployed in Apache Tomcat.…”

Section: Benchmark Selectionmentioning

confidence: 99%

On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications

Tudela

Higuera

et al. 2020

Applied Sciences

View full text Add to dashboard Cite

The design of the techniques and algorithms used by the static, dynamic and interactive security testing tools differ. Therefore, each tool detects to a greater or lesser extent each type of vulnerability for which they are designed for. In addition, their different designs mean that they have different percentages of false positives. In order to take advantage of the possible synergies that different analysis tools types may have, this paper combines several static, dynamic and interactive analysis security testing tools—static white box security analysis (SAST), dynamic black box security analysis (DAST) and interactive white box security analysis (IAST), respectively. The aim is to investigate how to improve the effectiveness of security vulnerability detection while reducing the number of false positives. Specifically, two static, two dynamic and two interactive security analysis tools will be combined to study their behavior using a specific benchmark for OWASP Top Ten security vulnerabilities and taking into account various scenarios of different criticality in terms of the applications analyzed. Finally, this study analyzes and discuss the values of the selected metrics applied to the results for each n-tools combination.

show abstract

The Cyber Threats Analysis for Web Applications Security in Industry 4.0

Cited by 10 publications

References 9 publications

Verticals in 5G MEC-Use Cases and Security Challenges

Verticals in 5G MEC-Use Cases and Security Challenges

A Review of Attacks, Vulnerabilities, and Defenses in Industry 4.0 with New Challenges on Data Sovereignty Ahead

On Combining Static, Dynamic and Interactive Analysis Security Testing Tools to Improve OWASP Top Ten Security Vulnerability Detection in Web Applications

Contact Info

Product

Resources

About