Quantitative assessment on remote code execution vulnerability in web apps
With the exponentially increasing use of online tools and applications that are being made for day-to-day purposes by small and large industries, the threat of exploitation is also increasing. Remote Code Execution (RCE) is one of the most critical and serious web application vulnerabilities of this er...
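Main Authors: | Md. Maruf, Hassan; Umam, Mustain; Sabira, Khatun; Mohamad Shaiful, Abdul Karim; Nazia, Nishat; Mostafijur, Rahman |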
---|---|
Format: | Conference or Workshop Item |
Language: | English |
Published: | Universiti Malaysia Pahang 2019 |
Subjects: | TK Electrical engineering. Electronics Nuclear engineering |
Online Access: | http://umpir.ump.edu.my/id/eprint/25982/1/34.%20Quantitative%20assessment%20on%20remote%20code%20execution%20vulnerability.pdf http://umpir.ump.edu.my/id/eprint/25982/2/34.1%20Quantitative%20assessment%20on%20remote%20code%20execution%20vulnerability.pdf http://umpir.ump.edu.my/id/eprint/25982/ |
id |
my.ump.umpir.25982 |
---|---|
record_format |
eprints |
spelling |
my.ump.umpir.25982 2019-12-17T03:33:10Z PeerReviewed Md. Maruf, Hassan and Umam, Mustain and Sabira, Khatun and Mohamad Shaiful, Abdul Karim and Nazia, Nishat and Mostafijur, Rahman (2019) Quantitative assessment on remote code execution vulnerability in web apps. In: 5th International Conference on Electrical, Control and Computer Engineering (INECCE 2019), 29-30 July 2019, Swiss Garden Kuantan. pp. 1-11. (Unpublished) DOI: https://doi.org/10.1016/B978-0-12-816129-6.00019-3 |
institution |
Universiti Malaysia Pahang |
building |
UMP Library |
collection |
Institutional Repository |
continent |
Asia |
country |
Malaysia |
content_provider |
Universiti Malaysia Pahang |
content_source |
UMP Institutional Repository |
url_provider |
http://umpir.ump.edu.my/ |
language |
English |
topic |
TK Electrical engineering. Electronics Nuclear engineering |
description |
With the exponentially increasing use of online tools and applications that are being made for day-to-day purposes by small and large industries, the threat of exploitation is also increasing. Remote Code Execution (RCE) is one of the most critical and serious web application vulnerabilities of this era and one of the major concerns among cyber threats, which can exploit web servers through their functionalities and using their scripts/files. RCE is an application-layer vulnerability caused by careless coding practice, which leads to a huge security breach that may bring unwanted resource loss or damage. With this vulnerability, an attacker may execute malicious code and take complete control of the targeted system with the privileges of an authentic user. Attackers can attempt to advance their privileges after gaining access to the system. Remote Code Execution can lead to a full compromise of the vulnerable web application as well as the web server. This chapter highlights the concern and risk caused by the RCE vulnerability of a system that need to be taken under consideration. Moreover, this study and its findings will help application developers and their stakeholders to understand the risk of data compromise and unauthorized access to the system. Around 1011 web applications were taken under consideration, and the experiment was done by following a manual double-blinded penetration testing strategy. The experiments show that more than 12% of the web applications were found vulnerable to RCE. This study also explicitly lists the critical factors of Remote Code Execution vulnerability and improper input handling. The experimental results are promising to motivate developers to focus on security enhancement through proper and safe input handling. |
format |
Conference or Workshop Item |
author |
Md. Maruf, Hassan; Umam, Mustain; Sabira, Khatun; Mohamad Shaiful, Abdul Karim; Nazia, Nishat; Mostafijur, Rahman |
title |
Quantitative assessment on remote code execution vulnerability in web apps |
publisher |
Universiti Malaysia Pahang |
publishDate |
2019 |