Title :
Penetration test: A case study on remote command execution security hole
Author :
Mohammad, Siba ; Pourdavar, S.
Author_Institution :
Dept. of Ind., K. N. Toosi Univ. of Technol., Tehran, Iran
Abstract :
This paper offers a fresh perspective on application security, highlighting a sample attack that is not currently being protected against. It presents a case study on identifying poor coding practices that render Web applications vulnerable to attacks such as remote command execution. Given the increased focus on the need for application security, it is to be hoped that the issue will receive greater attention in new software releases. The case study examines the Basilic software, which is of great use in publication and educational web sites in Europe. Although the software is useful, the research identified some security holes in the application, offers a proof of the software's vulnerability, and explains a solution for the problem.
Keywords :
Web sites; encoding; invasive software; Europe; Web applications; basilic software; coding practices; educational web sites; penetration test; publication web sites; remote command execution security hole; software releases; software vulnerability; Databases; Encoding; Security; Servers; Software; Testing; Web pages; Penetration Test; Remote Command Execution; Security hole; Vulnerability;
Conference_Title :
Digital Information Management (ICDIM), 2010 Fifth International Conference on
Conference_Location :
Thunder Bay, ON
Print_ISBN :
978-1-4244-7572-8
DOI :
10.1109/ICDIM.2010.5664671