A method for identifying Web applications

  • Regular Contribution
International Journal of Information Security

Abstract

Web applications are ubiquitous in today’s businesses. The security of these applications is of utmost importance, since security breaches might damage a company's reputation and even result in bankruptcy. There are different methods of assessing the security of Web applications, mainly based on some automated method of scanning. One type of scan method feeds random data to the application and monitors its behavior. The other type uses a database of predefined vulnerabilities that are checked one by one until either a vulnerability is found or it can be claimed that the application has none of the known vulnerabilities. The important step in the latter type of scan process is the identification of the application, since in that case we narrow the number of checks and, as a consequence, the scan process is faster. This paper describes a method for Web application identification based on a black-box principle. Our method is based on the invariance of certain characteristics of Web applications. We experimentally tested and confirmed the usefulness of this approach.
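As an added illustration of the abstract's idea (not the paper's own code, and not the characteristics the paper actually uses), the following Python sketch scores a target's observed black-box features against a signature database of assumed-invariant characteristics and then uses the identification to narrow the set of vulnerability checks. All application names, signatures, captured responses and check identifiers are constructed placeholders.

```python
"""Black-box identification by invariant features, then check narrowing.

Added illustration; not the paper's code. Every application name, signature,
response and check identifier below is a constructed placeholder.
"""
import re
from typing import Dict, FrozenSet, List, Optional, Tuple

Feature = Tuple[str, str]  # (kind, value), e.g. ("path", "/viewtopic.php")
Response = Tuple[int, Dict[str, str], str]  # (status, headers, body)

# Constructed signatures: features assumed invariant across deployments.
SIGNATURES: Dict[str, FrozenSet[Feature]] = {
    "ExampleForum": frozenset({("path", "/viewtopic.php"), ("cookie", "ef_sid"),
                               ("generator", "ExampleForum")}),
    "ExampleCMS": frozenset({("path", "/administrator/"), ("cookie", "ecms_session"),
                             ("generator", "ExampleCMS")}),
}
# Constructed check catalogue; a None target marks a generic check.
CHECKS: List[Tuple[str, Optional[str]]] = [
    ("CHK-001 reflected input echo", None),
    ("CHK-002 forum search handler", "ExampleForum"),
    ("CHK-003 cms admin path exposure", "ExampleCMS"),
]
GENERATOR_RE = re.compile(r'<meta\s+name="generator"\s+content="([^"]+)"', re.I)

# Constructed capture of a hypothetical target, keyed by requested path.
SAMPLE_RESPONSES: Dict[str, Response] = {
    "/viewtopic.php": (200, {"Set-Cookie": "ef_sid=abc123; Path=/"}, "<html></html>"),
    "/index.php": (200, {}, '<meta name="generator" content="ExampleForum">'),
    "/administrator/": (404, {}, "Not Found"),
}

def extract_features(responses: Dict[str, Response]) -> FrozenSet[Feature]:
    """Derive observable features (existing paths, cookie names, generator tags)."""
    feats = set()
    for path, (status, headers, body) in responses.items():
        if status != 200:
            continue
        feats.add(("path", path))
        cookie = headers.get("Set-Cookie")
        if cookie:
            feats.add(("cookie", cookie.split("=", 1)[0].strip()))
        match = GENERATOR_RE.search(body)
        if match:
            feats.add(("generator", match.group(1)))
    return frozenset(feats)

def identify(observed: FrozenSet[Feature], threshold: float = 0.5) -> Tuple[Optional[str], float]:
    """Score each signature by the fraction of its invariant features observed."""
    best, best_score = None, 0.0
    for app, sig in SIGNATURES.items():
        score = len(sig & observed) / len(sig)
        if score > best_score:
            best, best_score = app, score
    return (best, best_score) if best_score >= threshold else (None, best_score)

def select_checks(app: Optional[str]) -> List[str]:
    """Unidentified targets get every check; identified ones only generic + specific."""
    return [name for name, target in CHECKS if app is None or target is None or target == app]
```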



Author information

Correspondence to Stjepan Groš.

Additional information

This work has been carried out within the projects 036-0361994-1995 "Universal Middleware Platform for Intelligent e-Learning Systems" and 036-0362980-1921 "Computing Environments for Ubiquitous Distributed Systems", both funded by the Ministry of Science and Technology of the Republic of Croatia.


Cite this article

Kozina, M., Golub, M. & Groš, S. A method for identifying Web applications. Int. J. Inf. Secur. 8, 455–467 (2009). https://doi.org/10.1007/s10207-009-0092-3
