A recent MSc student project by Akhil Antony looked at a website that allows certain security risks (SQL Injection, Cross-Site Scripting (XSS), Cross-Site Request Forgery) to be tested for.
Abstract:
Web
applications are open and available on the internet 24/7 and the attackers can
easily access the applications from anywhere and can penetrate the system by
identifying and exploiting the vulnerability exists within it. Probability of web
applications to be attacked is very high compared to the offline applications.
The number of new developments for security enhancements is tend to be
increasing, on the other hand the new modern technologies like HTML5, CSS3, jQuery,
Silverlight and so on creates new vulnerabilities every minute and the number
of such attacks increasing in a very high order. The attacker not just looking
for the sensitive information from the victims web application; these
applications could be used for further criminal activities including terrorism,
drug dealing etc. The research is to investigate the vulnerabilities affecting
the web applications and to develop an automated web application vulnerability
scanner. The investigation is also focuses on the motivations and profits
behind these attacks. With this application users could be able to test the web
application’s security rating based on the possible vulnerabilities and
developers could be able to perform penetration search within their application.
Most
of the web applications suffers from generic validation errors and causes
security vulnerabilities. SQL Injection, Cross-Site Scripting (XSS), Cross-Site
Request Forgery etc are examples of popular vulnerabilities exist within web
applications. Majority of these web vulnerabilities are easy to identify and
avoid, but unfortunately the developers are not much security aware or they
work in very small time constraints. As a result more and more web applications
on the internet would be vulnerable. (Stefan Kals, 2006)
The
cyber crimes and the cyber attacks to web applications could be categorized on
a general principle that what illegal offline is illegal online. The research
is on the crimes which can only be carried out using the internet, including
attacks on computer systems to disrupt IT infrastructure, and the stealing of
data over a network using malware, often to enable further crime. The cyber
attackers attempt to access information stored on a computer. Information may
have a sale value (corporate espionage), may be valuable to the owner (ransom opportunity)
or may be useful for further illegal activity such as fraud. Threats,
motivations and profit achieved from cyber attacks being investigated.
Computing Courses
BSc and HND Computing Provision (click on the links below for more details of the courses)
The University of Northampton's, Department of Computing and Immersive Technologies offers five courses within the MSc Computing postgraduate provision (shown below) all available either part-time or full-time.
The contents are the opinion of the author(s) and not necessarily the view of the University of Northampton.
