Title :
Early Detection of Security Misconfiguration Vulnerabilities in Web Applications
Author :
Eshete, Birhanu ; Villafiorita, Adolfo ; Weldemariam, Komminist
Author_Institution :
Center For Inf. Technol., Fondazione Bruno Kessler (FBK-IRST), Trento, Italy
Abstract :
This paper presents a web-based tool to supplement defense against security misconfiguration vulnerabilities in web applications. The tool automatically audits security configuration settings of server environments in web application development and deployment. It also offers features to automatically adjust security configuration settings and quantitatively rates level of safety for server environments before deploying web applications. Using the tool, we were able to evaluate eleven server packages for Apache, PHP and MySQL across three operating system platforms. Our evaluation revealed that the tool is able to audit current security configuration settings and alert users to fix the server environment to achieve the level of safety of security configuration with respect to recommended configurations for real-life web application deployment.
Keywords :
Internet; security of data; Apache; MySQL; PHP; Web applications; security configuration settings; security misconfiguration vulnerabilities; server environments; Databases; Linux; Manuals; Safety; Security; Web servers; Configuration; Deployment; Security; Web Applications; Web Server Environments;
Conference_Titel :
Availability, Reliability and Security (ARES), 2011 Sixth International Conference on
Conference_Location :
Vienna
Print_ISBN :
978-1-4577-0979-1
Electronic_ISBN :
978-0-7695-4485-4
DOI :
10.1109/ARES.2011.31
