Root cause analysis of session management and broken authentication vulnerabilities
Stockholm University, Faculty of Social Sciences, Department of Computer and Systems Sciences.
2012 (English) In: World Congress on Internet Security (WorldCIS 2012), IEEE Computer Society Digital Library, 2012, 82-86 p. Conference paper, Published paper (Refereed)
Abstract [en]

While there are numerous approaches to secure web applications as one of the most prevalent ways to harness the potential of the Internet, attackers almost daily come up with new attempts to exploit various vulnerabilities and compromise data found on the Net. One of the possible venues to attain sustainable solutions is to follow strategic approaches based on detailed analysis and understanding of problems rather than some of the common tactical and often reactive methods. The aim of the paper is to explore employment of Root Cause Analysis (RCA) in session management and broken authentication vulnerabilities and how it can be utilized to improve some security aspects of web applications. By employing RCA, we were able to identify 11 root causes of session management vulnerabilities and 9 root causes of broken authentication vulnerabilities. In addition, the approach provided a detailed, almost macroscopic, view of the vulnerabilities, which consequently led to effective solutions that can minimize the recurrence of attacks on web applications.

Place, publisher, year, edition, pages
IEEE Computer Society Digital Library, 2012. 82-86 p.
Keyword [en]
Web security, authentication vulnerabilities, session management, root cause analysis
National Category
Information Systems
Research subject
Computer and Systems Sciences
Identifiers
URN: urn:nbn:se:su:diva-86346
ISBN: 978-1-908320-04-9 (print)
OAI: oai:DiVA.org:su-86346
DiVA: diva2:586650
Conference
World Congress on Internet Security (WorldCIS-2012), 10-12 June 2012, Guelph, Ontario, Canada
Available from: 2013-01-12 Created: 2013-01-12 Last updated: 2013-01-29 Bibliographically approved

Open Access in DiVA

No full text

Other links

http://ieeexplore.ieee.org/xpl/articleDetails.jsp?reload=true&arnumber=6280203

Search in DiVA

By author/editor
Popov, Oliver
By organisation
Department of Computer and Systems Sciences
Information Systems
