DocumentCode :
3506697
Title :
A testbed for the evaluation of web intrusion prevention systems
Author :
Stuckman, J. ; Purtilo, J.
Author_Institution :
Dept. of Comput. Sci., Univ. of Maryland, College Park, MD, USA
fYear :
2011
fDate :
21-21 Sept. 2011
Firstpage :
66
Lastpage :
75
Abstract :
Web intrusion prevention systems are popular for defending web applications against common attacks, such as SQL injection and cross-site scripting, but a standardized methodology to evaluate and benchmark such systems is not available. We outline several requirements for a testing and evaluation framework for these systems, and we introduce the concept of a benchmarking testbed, which automatically performs the evaluation in a standardized and reproducible way. By allowing benchmarks to draw from a corpus of installable modules which can be based on actual security vulnerabilities, members of the security community can continuously maintain and improve the benchmark, allowing it to be updated as threats and defenses evolve. We developed a prototype of this testbed and determined that the testbed should automate several common web testing tasks on behalf of its modules in order to ease module development. Although our experiences with the prototype suggest that developing such a testbed is viable, we identified several open questions related to benchmark coverage and performance measurement that should be resolved in order for the resulting benchmark to be useful to end users.
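The module-driven testbed that the abstract sketches, as an added illustration (this is not the authors' prototype, whose module interface the record does not describe). Every name here is an assumption: a Module bundles one benign and one attack request for a single vulnerability plus an oracle that says whether the simulated vulnerable application was actually exploited; an IPS is any callable that returns True when it blocks a request; the testbed replays each module against the IPS and tallies detections, misses and false positives. The users table, requests and the two blocklist-style IPS configurations are constructed for the example.

```python
import re
import sqlite3
from dataclasses import dataclass
from typing import Callable, Dict, List


@dataclass(frozen=True)
class Request:
    path: str
    params: Dict[str, str]


@dataclass(frozen=True)
class Module:
    """Hypothetical installable benchmark module (assumed interface)."""
    name: str
    benign: Request                      # legitimate traffic the IPS must let through
    attack: Request                      # exploit attempt the IPS should block
    exploited: Callable[[Request], bool]  # oracle: did the attack work if it got through?


# Constructed sample data for the simulated vulnerable application.
USERS = [(1, "alice"), (2, "bob"), (42, "carol")]


def make_sqli_oracle(param: str, column: str) -> Callable[[Request], bool]:
    """Oracle for a constructed app that interpolates `param` into SQL unsafely.
    Exploitation = the lookup returns more rows than one exact match could."""
    def oracle(req: Request) -> bool:
        conn = sqlite3.connect(":memory:")
        conn.execute("CREATE TABLE users(id INTEGER, name TEXT)")
        conn.executemany("INSERT INTO users VALUES(?, ?)", USERS)
        value = req.params.get(param, "")
        try:
            rows = conn.execute(
                f"SELECT name FROM users WHERE {column} = '{value}'").fetchall()
        except sqlite3.Error:
            return False                 # query broke: nothing was disclosed
        finally:
            conn.close()
        return len(rows) > 1
    return oracle


def xss_oracle(req: Request) -> bool:
    """Constructed app reflects `q` unescaped; a script tag in the page = exploited."""
    body = f"<p>Results for {req.params.get('q', '')}</p>"
    return "<script" in body.lower()


def naive_ips(req: Request) -> bool:
    """Blocklist IPS that only knows two textbook signatures."""
    text = " ".join(req.params.values())
    return re.search(r"(?i)<script|union\s+select", text) is not None


def strict_ips(req: Request) -> bool:
    """Adds a single-quote rule: catches more SQLi, at a precision cost."""
    return naive_ips(req) or "'" in " ".join(req.params.values())


def run_benchmark(modules: List[Module],
                  ips: Callable[[Request], bool]) -> Dict[str, object]:
    """Replay every module through `ips`; the oracle decides whether a miss mattered."""
    tally: Dict[str, object] = {"tp": 0, "fn": 0, "fp": 0, "tn": 0, "ineffective": []}
    for m in modules:
        if ips(m.benign):
            tally["fp"] += 1             # benign traffic blocked
        else:
            tally["tn"] += 1
        if ips(m.attack):
            tally["tp"] += 1             # attack blocked
        elif m.exploited(m.attack):
            tally["fn"] += 1             # attack passed and worked
        else:
            # Attack passed but did nothing: a coverage defect in the module, not the IPS.
            tally["ineffective"].append(m.name)
    detected, missed = tally["tp"], tally["fn"]
    tally["detection_rate"] = detected / (detected + missed) if detected + missed else 0.0
    tally["false_positive_rate"] = tally["fp"] / len(modules) if modules else 0.0
    return tally


# Constructed module corpus: two SQLi cases, one reflected XSS, one broken module.
MODULES = [
    Module("sqli-id-lookup", Request("/user", {"id": "42"}),
           Request("/user", {"id": "' OR '1'='1"}), make_sqli_oracle("id", "id")),
    Module("sqli-name-search", Request("/search", {"name": "O'Reilly"}),
           Request("/search", {"name": "x' OR 1=1 --"}), make_sqli_oracle("name", "name")),
    Module("reflected-xss", Request("/find", {"q": "cats"}),
           Request("/find", {"q": "<script>alert(1)</script>"}), xss_oracle),
    Module("ineffective-module", Request("/user", {"id": "7"}),
           Request("/user", {"id": "7 OR 1=1"}), make_sqli_oracle("id", "id")),
]

if __name__ == "__main__":
    for label, ips in (("naive", naive_ips), ("strict", strict_ips)):
        print(label, run_benchmark(MODULES, ips))
```

The oracle is what keeps the benchmark honest: without it, a module whose attack string never actually exploits the target would be scored as a miss against the IPS, which is the coverage problem the abstract flags. Comparing the two IPS configurations also shows why a single score is not enough; the stricter rule reaches full detection but blocks the legitimate apostrophe in the name search.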
Keywords :
Internet; security of data; SQL injection attack; Web application; Web intrusion prevention system; Web testing task; benchmarking testbed concept; cross-site scripting attack; module development; security vulnerability; Accuracy; Benchmark testing; Computer bugs; Intrusion detection; Software; SQL injection; benchmark; evaluation; security; web;
fLanguage :
English
Publisher :
ieee
Conference_Titel :
Security Measurements and Metrics (Metrisec), 2011 Third International Workshop on
Conference_Location :
Banff, AB
Print_ISBN :
978-1-4673-1245-5
Type :
conf
DOI :
10.1109/Metrisec.2011.14
Filename :
6165765
Link To Document :