Network Monitoring for Web-Based Threats

This report models the approach a focused attacker would take to breach an organization through web-based protocols and provides detection or prevention methods to counter that approach. It discusses the means an attacker uses to collect information about the organization's web presence. It also describes several threat types, including configuration management issues, authorization problems, data validation issues, session management issues, and cross-site attacks. Individual threats within each type are examined in detail, with examples (where applicable) and a potential network monitoring solution. For quick reference, the appendix includes all potential network monitoring solutions for the threats described in the report. Because the web changes constantly, the threats and protections outlined in the report are not to be taken as the definitive resource on web-based attacks. This report is meant to be a starting reference point only.

Author

Matthew Heckathorn

This report is related to the following area(s) of work:

Security and Survivability

Technical Report
CMU/SEI-2011-TR-005
February 2011

Cite This Report

SEI:

Heckathorn, Matthew; Network Monitoring for Web-Based Threats (CMU/SEI-2011-TR-005). Software Engineering Institute, Carnegie Mellon University, 2011. http://www.sei.cmu.edu/library/abstracts/reports/11tr005.cfm

IEEE:

M. Heckathorn, "Network Monitoring for Web-Based Threats," Software Engineering Institute, Carnegie Mellon University, Pittsburgh, Pennsylvania, Technical Report CMU/SEI-2011-TR-005, 2011. http://www.sei.cmu.edu/library/abstracts/reports/11tr005.cfm

APA:

Heckathorn, M., (2011). Network Monitoring for Web-Based Threats (CMU/SEI-2011-TR-005). Retrieved May 19, 2013, from the Software Engineering Institute, Carnegie Mellon University website: http://www.sei.cmu.edu/library/abstracts/reports/11tr005.cfm

CHI:

Heckathorn, Matthew, Network Monitoring for Web-Based Threats (CMU/SEI-2011-TR-005). Pittsburgh, PA: Software Engineering Institute, Carnegie Mellon University, 2011. http://www.sei.cmu.edu/library/abstracts/reports/11tr005.cfm

MLA:

Heckathorn, M., 2011. Network Monitoring for Web-Based Threats (Technical Report CMU/SEI-2011-TR-005). Pittsburgh: Software Engineering Institute, Carnegie Mellon University. http://www.sei.cmu.edu/library/abstracts/reports/11tr005.cfm
