Towards a Framework of Configuring and Evaluating ModSecurity WAF on Tomcat and Apache Web Servers

Yari, Imrana Abdullahi; Abdullahi, B. F.; Adeshina, Steve A.

doi:10.1109/icecco48375.2019.9043209

Cited by 5 publications

(4 citation statements)

References 9 publications

Supporting

Mentioning

Contrasting

Unclassified

Order By: Relevance

“…Successful pollution attacks on P2P PHSs can be devastating because of the higher integrity and availability requirements of medical data than data shared in other P2P systems. The consequences of its exploitation could be between low and high, depending on the level of access gained; pollution attacks often serve as a gateway to identify vulnerabilities (eg, unverified inputs that can be used for SQL injection attacks [ 129 ]) and mount further attacks (eg, ransomware attacks). For example, in 2020, a patient in need of emergency care due to an aneurysm died in Germany during a ransomware attack in a hospital.…”

Section: Resultsmentioning

confidence: 99%

“…In the case of P2P PHSs, the threat impact could be one user at a time, with the probability of escalating and affecting others in the network. Social engineering can be observed as an intelligent information gathering stage for attackers to mount other attacks [ 129 ], such as scamming patients to obtain, for instance, access credentials to their P2P PHS accounts. Depending on the attackers’ goals, they may modify patients’ health records or upload malware to the P2P network to affect patients’ lives, health, location, privacy, behaviors, or activities [ 93 ] and sabotage the PHS and its providers.…”

Section: Resultsmentioning

confidence: 99%

See 1 more Smart Citation

Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review

Yari¹,

Dehling²,

Kluge³

et al. 2021

J Med Internet Res

View full text Add to dashboard Cite

Background Patient-centered health care information systems (PHSs) enable patients to take control and become knowledgeable about their own health, preferably in a secure environment. Current and emerging PHSs use either a centralized database, peer-to-peer (P2P) technology, or distributed ledger technology for PHS deployment. The evolving COVID-19 decentralized Bluetooth-based tracing systems are examples of disease-centric P2P PHSs. Although using P2P technology for the provision of PHSs can be flexible, scalable, resilient to a single point of failure, and inexpensive for patients, the use of health information on P2P networks poses major security issues as users must manage information security largely by themselves. Objective This study aims to identify the inherent security issues for PHS deployment in P2P networks and how they can be overcome. In addition, this study reviews different P2P architectures and proposes a suitable architecture for P2P PHS deployment. Methods A systematic literature review was conducted following PRISMA (Preferred Reporting Items for Systematic Reviews and Meta-Analyses) reporting guidelines. Thematic analysis was used for data analysis. We searched the following databases: IEEE Digital Library, PubMed, Science Direct, ACM Digital Library, Scopus, and Semantic Scholar. The search was conducted on articles published between 2008 and 2020. The Common Vulnerability Scoring System was used as a guide for rating security issues. Results Our findings are consolidated into 8 key security issues associated with PHS implementation and deployment on P2P networks and 7 factors promoting them. Moreover, we propose a suitable architecture for P2P PHSs and guidelines for the provision of PHSs while maintaining information security. Conclusions Despite the clear advantages of P2P PHSs, the absence of centralized controls and inconsistent views of the network on some P2P systems have profound adverse impacts in terms of security. The security issues identified in this study need to be addressed to increase patients’ intention to use PHSs on P2P networks by making them safe to use.

show abstract

Section: Resultsmentioning

confidence: 99%

Section: Resultsmentioning

confidence: 99%

Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review

Yari¹,

Dehling²,

Kluge³

et al. 2021

J Med Internet Res

View full text Add to dashboard Cite

show abstract

“…Existem alguns recursos para desvio de firewall e WAF (Web Application Firewall) [Yari et al 2019], tais como: alterar os cabec ¸alhos da requisic ¸ão por completo (ao invés de passar uma URL como alvo para a ferramenta, é passado um arquivo que contenha as suas informac ¸ões de requisic ¸ão), fazer a mutac ¸ão do payload, definir um delay entre cada requisic ¸ão, e usar proxies.…”

Section: Figura 1 Modo De Funcionamentounclassified

FuzzingTool: Ferramenta para Testes de Intrusão em Aplicações Web

Borges¹,

Uchôa²

2021

Anais Do XXI Simpósio Brasileiro De Segurança Da Informação E De Sistemas Computacionais (SBSeg 2021)

View full text Add to dashboard Cite

A cada dia as aplicações Web estão sendo usadas para atividades complexas, a fim de atender as demandas de mercado. Com o crescente uso e avanço de suas tecnologias, faz-se necessário uma maior preocupação quanto à segurança da informação. Para tal, este artigo apresenta uma ferramenta desenvolvida para testes de intrusão em aplicações Web, o FuzzingTool. A ferramenta faz uso da técnica de fuzzing para localizar falhas nessas aplicações, com resultados bastante promissores em testes, por exemplo, que permitiram identificar vários sites auxiliares, potencialmente inseguros, a partir de um domínio principal.

show abstract

“…While the paper is not focused on cybersecurity, the following considerations could serve as a preliminary introduction. Detailed information on the power system configurations, electrified transportation systems, and applied smart grids technologies favour successful cyberattacks [53,56,57]. Therefore, the planning and operational data of most utilities are not publicly available.…”

Section: Introductionmentioning

confidence: 99%

Coordinated planning of charging swapping stations and active distribution network based on EV spatial‐temporal load forecasting

Zhu

Borghetti

et al. 2023

IET Generation Trans & Dist

View full text Add to dashboard Cite

Electric vehicles (EVs) charging swapping stations (CSSs), as well as multi‐functional integrated charging and swapping facilities (CSFs), have become important to reduce the impact of e‐mobility on the electric power distribution system. This paper presents a coordinated planning optimization strategy for CSSs/CSFs and active distribution networks (AND) that includes distributed generation. The approach is based on the application of a specifically developed spatial‐temporal load forecasting method of both plug‐in EVs (PEVs) and swapping EVs (SEVs). The approach is formulated as a mathematical programming optimization model that provides the location and sizing of new CSSs, the best active distribution network topology, the required distributed generation, and substation capacities. The developed model is solved using CPLEX, and its characteristics and performances are evaluated through a realistic case study.

show abstract

Towards a Framework of Configuring and Evaluating ModSecurity WAF on Tomcat and Apache Web Servers

Cited by 5 publications

References 9 publications

Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review

Security Engineering of Patient-Centered Health Care Information Systems in Peer-to-Peer Environments: Systematic Review

FuzzingTool: Ferramenta para Testes de Intrusão em Aplicações Web

Coordinated planning of charging swapping stations and active distribution network based on EV spatial‐temporal load forecasting

Contact Info

Product

Resources

About