Web security research paper

INVENSITY works independently on developing practice-oriented innovations. In its innovation center, partly in cooperation with universities, institutions and associations, topics that aid technological advancement are worked on as part of innovation projects. INVENSITY systematizes the knowledge generated in projects using an internal knowledge management system. Thanks to INVENSITY’s cross-sector organization, the newly gained expertise can then be made available to companies from various industries within the framework of client projects.

Protection against common (and uncommon) XSS / LFI / RFI / SQL injections, directory traversal attempts, scrapers, scanners, bots, crawlers and other potentially harmful and resource-hogging requests. Active research and daily updates for new malware variants and heuristic patterns to prevent unknown attacks. Additional filtering by IP ranges, user agents and hosts.

Monitoring for file changes - quick alerts on added, removed or modified server & website files
Daily check for any changes to server & website files. Each day, all files are scanned recursively, and hash values are calculated and compared with the previous clean state. If something is added, removed, or changed on the server / website, we will know and check/clean if necessary. Incident response time is a maximum of 8 hours (but usually much faster).

Backup of client's data - full database and website offline backups, weekly or monthly backups
Manual backup of all files and the database, downloaded to our storage units. We keep the last 4 backups of each web application and its corresponding database.
Backups are handled off-site, in a secured environment; we use standard 4Tb hard-disk units (the same as Facebook uses), physically disconnected from any internet / intranet / local network access.

Browser Helper Objects (BHOs) and plug-ins like ActiveX have been a go-to choice for client-side attacks. Cure53 and X41 found that Chrome and Edge do not support these vulnerable technologies. IE supports both, making it more susceptible to attack than either Edge or Chrome. Additionally, Cure53 and X41 found that IE is still vulnerable to attacks via signed Java Applets, and more susceptible to malicious Flash content. While Chrome and Edge can both be configured to fall back to IE to support legacy compatibility, administrators can exert more control over Chrome’s fallback mechanism.
