Nowadays more and more business activities are operated through web and the web plays a vital role in the interests of both businesses and their shareholders. However, the very good features of web such as its popularity, accessibility and openness, has provided more opportunities for security breaches by malicious users. That is why the rate of successful attacks on web and web applications are increasing. Many approaches have been introduced so far to reduce the rate of successful attacks of many kinds. Any technique that can detect these vulnerabilities and mitigate the security problems of web applications is useful to organizations seeking for more reliability from the security viewpoint. In this paper we first introduce the control flow tampering attack, which is one of the notable attacks against web applications, and present our approach for countering this attack using web application firewall.
[1]
Richard Sharp,et al.
Specifying and Enforcing Application-Level Web Security Policies
,
2003,
IEEE Trans. Knowl. Data Eng..
[2]
Gary McGraw,et al.
Software Penetration Testing
,
2005,
IEEE Secur. Priv..
[3]
A. Jefferson Offutt,et al.
Bypass testing of Web applications
,
2004,
15th International Symposium on Software Reliability Engineering.
[4]
Shih-Kun Huang,et al.
Web application security assessment by fault injection and behavior monitoring
,
2003,
WWW '03.
[5]
Richard Sharp,et al.
Abstracting application-level web security
,
2002,
WWW.
[6]
B. Huberman,et al.
The Deep Web : Surfacing Hidden Value
,
2000
.