Forensics Investigation of Web Application Security Attacks

Full Text (PDF, 441KB), PP.10-17


Author(s)

Amor Lazzez 1,*, Thabet Slimani 1

1. College of Computers and Information Technologies, Taif University, Kingdom of Saudi Arabia

* Corresponding author.

DOI: https://doi.org/10.5815/ijcnis.2015.03.02

Received: 16 Aug. 2014 / Revised: 15 Nov. 2014 / Accepted: 2 Dec. 2014 / Published: 8 Feb. 2015

Index Terms

Web application, Security Attack, Forensics Investigation

Abstract

Nowadays, web applications are popular targets for security attackers. Using specific security mechanisms, we can prevent or detect a security attack on a web application, but we cannot identify the criminal who carried it out. Being unable to trace back an attack encourages hackers to launch new attacks on the same system. Web application forensics aims to trace back and attribute a web application security attack to its originator. This may significantly reduce the number of security attacks targeting a web application every day, and hence improve its security. The aim of this paper is to give a detailed overview of web application forensics. First, we define web application forensics and present a taxonomic structure of digital forensics. Then, we present the methodology of a web application forensics investigation. After that, we describe the supportive tools for a web application forensics investigation. Next, we give a detailed presentation of the main web application forensics tools considered. Finally, we provide a comparison of these tools.

Cite This Paper

Amor Lazzez, Thabet Slimani, "Forensics Investigation of Web Application Security Attacks", International Journal of Computer Network and Information Security (IJCNIS), vol. 7, no. 3, pp. 10-17, 2015. DOI: 10.5815/ijcnis.2015.03.02
