Towards Automated Vulnerability Scanning of Network Servers

Schagen, Nathan; Koning, Koen; Bos, Herbert; Giuffrida, Cristiano

doi:10.1145/3193111.3193116

Cited by 14 publications

(7 citation statements)

References 9 publications

(11 reference statements)

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Ref. [29] exemplifies automated vulnerability checking but restricted to network servers on the basis of the pure networking traffic characteristics. Ref.…”

Section: Related Workmentioning

confidence: 99%

Improving Security of Web Servers in Critical IoT Systems through Self-Monitoring of Vulnerabilities

Song

García-Valls

2022

Sensors

View full text Add to dashboard Cite

IoT (Internet of Things) systems are complex ones that may comprise large numbers of sensing and actuating devices; and servers that store data and further configure the operation of such devices. Usually, these systems involve real-time operation as they are closely bound to particular physical processes. This real-time operation is often threatened by the security solutions that are put in place to alleviate the ever growing attack surface in IoT. This paper focuses on critical IoT domains where less attention has been paid to the web security aspects. The main reason is that, up to quite recently, web technologies have been considered unreliable and had to be avoided by design in critical systems. In this work, we focus on the server side and on how attacks propagate from server to client as vulnerabilities and from client to unprotected servers; we describe the concerns and vulnerabilities introduced by the intensive usage of web interfaces in IoT from the server templating engines perspective. In this context, we propose an approach to perform self monitoring on the server side, propagating the self monitoring to the IoT system devices; the aim is to provide rapid detection of security vulnerabilities with a low overhead that is transparent to the server normal operation. This approach improves the control over the vulnerability detection. We show a set of experiments that validate the feasibility of our approach.

show abstract

“…Ref. [29] exemplifies automated vulnerability checking but restricted to network servers on the basis of the pure networking traffic characteristics. Ref.…”

Section: Related Workmentioning

confidence: 99%

Improving Security of Web Servers in Critical IoT Systems through Self-Monitoring of Vulnerabilities

Song

García-Valls

2022

Sensors

View full text Add to dashboard Cite

show abstract

“…[90] Surveys and overviews is paper summarizes the field of software vulnerability examination and discovery that uses machine learning and data mining approaches. [91] Security and privacy is paper talks about safe patch fingerprinting.…”

Section: Hybrid Reputation Modelmentioning

confidence: 99%

Assessing Security of Software Components for Internet of Things: A Systematic Review and Future Directions

Liao

Nazir

Khan

et al. 2021

Security and Communication Networks

View full text Add to dashboard Cite

Software component plays a significant role in the functionality of software systems. Component of software is the existing and reusable parts of a software system that is formerly debugged, confirmed, and practiced. The use of such components in a newly developed software system can save effort, time, and many resources. Due to the practice of using components for new developments, security is one of the major concerns for researchers to tackle. Security of software components can save the software from the harm of illegal access and damages of its contents. Several existing approaches are available to solve the issues of security of components from different perspectives in general while security evaluation is specific. A detailed report of the existing approaches and techniques used for security purposes is needed for the researchers to know about the approaches. In order to tackle this issue, the current research presents a systematic literature review (SLR) of the present approaches used for assessing the security of software components in the literature by practitioners to protect software systems for the Internet of Things (IoT). The study searches the literature in the popular and well-known libraries, filters the relevant literature, organizes the filter papers, and extracts derivations from the selected studies based on different perspectives. The proposed study will benefit practitioners and researchers in support of the report and devise novel algorithms, techniques, and solutions for effective evaluation of the security of software components.

show abstract

“…In addition, their methods are also time-consuming: they need more than 9 days to measure a dataset of 200,000 websites. They focus on determining whether a given input propagates, rather than efficiently finding the propagating inputs, for arbitrary vulnerabilities [12], [14]. The second group performs the scanning of the Internet ipv4 protocol for a specifically defined subject area, such as hosted services, SSL/TLS, vulnerabilities or specific software or protocol vulnerabilities by using mass scan tools such as ZMAp, Nmap and Massscan [15]- [17].…”

Section: Overview Of the Previous Workmentioning

confidence: 99%

An Intelligent and Automated WCMS Vulnerability-Discovery Tool: The Current State of the Web

Cigoj

Blažič

2019

IEEE Access

View full text Add to dashboard Cite

The main focus of the cyber-security community has been to make operating systems and communication networks more secure and harder for attackers to penetrate. This also applies to all the applications on the Internet. The most frequently used web application and user pages are today developed with the Web Content Management System (WCMS), as it allows user-friendly access, easy development and operation. WCMSs are present all over the world in many different environments. Any malware that can penetrate the WCMS can significantly affect the system itself and can cause a misconfiguration. The security and stability of these systems are important for reducing the risks and consequences of attacks or disfunctions with currently known similar tools. This paper presents a newly developed tool for identifying the vulnerabilities of the majority of Internet sites with WCMS applications and the remedies to be applied. Its key feature is the ability to perform automated, fast and dynamic vulnerability scans of the WCMS and the attached plug-ins on a large scale with in-built ethical respect.

show abstract

Towards Automated Vulnerability Scanning of Network Servers

Cited by 14 publications

References 9 publications

Improving Security of Web Servers in Critical IoT Systems through Self-Monitoring of Vulnerabilities

Improving Security of Web Servers in Critical IoT Systems through Self-Monitoring of Vulnerabilities

Assessing Security of Software Components for Internet of Things: A Systematic Review and Future Directions

An Intelligent and Automated WCMS Vulnerability-Discovery Tool: The Current State of the Web

Contact Info

Product

Resources

About