Executing Root Commands in Web Applications While Maintaining Security Best Practices

Vincent Cox


Bibliography

[1] B. Barrett, "Hack Brief: Hackers Are Holding an LA Hospital's Computers Hostage," 16 02 2016. [Online]. Available: http://www.wired.com/2016/02/hack-brief-hackers-are-holding-an-la-hospi…- computers-hostage/.

[2] L. Bershidsky, "Russians Have Learned How to Hack Power Grids," 7 01 2016. [Online]. Available: http://www.bloombergview.com/articles/2016-01-07/russians-have-learned-how-to-hack-power-grids. [Accessed 04 02 2016].

[3] The Telegraph, "Chinese hackers seized 'gold mine' of information about US spies and army personnel," 13 06 2015. [Online]. Available: http://www.telegraph.co.uk/news/worldnews/northamerica/usa/11672451/Chi… se-hackers-seized-gold-mine-of-information-about-US-spies-and-army-personnel.html. [Accessed 22 03 2016].

[4] D. Doe, "Hackers have breached Goldcorp, a Canadian gold-mining firm," 27 04 2016. [Online]. Available: http://www.dailydot.com/politics/goldcorp-hack-data-dump/. [Accessed 2 05 2016].

[5] Akamai, May 2015. [Online]. Available: https://www.stateoftheinternet.com/downloads/pdfs/resources-web-security-2015-web-app-attack-stats-ponemon-infographic.pdf. [Accessed 29 February 2016].

[6] Strategic Cyber, LLC, "Homepage," 22 2 2016. [Online]. Available: https://www.cobaltstrike.com/.

[7] A. D. Cid, "RevSlider Vulnerability Leads To Massive WordPress SoakSoak Compromise," 15 12 2014. [Online]. Available: https://blog.sucuri.net/2014/12/revslider-vulnerability-leads-to-massive-wordpress-soaksoak-compromise.html.

[8] D. Bass, "Six Things You Need to Know About ATMs and the Windows XP-ocalypse," Bloomberg, 2014.

[9] Shodan, "Shodan is the world's first search engine for Internet-connected devices," 2013. [Online]. Available: https://www.shodan.io/. [Accessed 26 01 2016].

[10] Cisco, "Cisco 2016 Annual Security Report," Cisco, 2016.

[11] M. Ciampa, Security Awareness: Applying Practical Security in Your World, 4th ed., Western Kentucky, 2014, p. 304.

[12] N. Falliere, L. O. Murchu and E. Chien, "W32.Stuxnet Dossier," 02 2011. [Online]. Available: https://www.symantec.com/content/en/us/enterprise/media/security_respon… whitepapers/w32_stuxnet_dossier.pdf. [Accessed 05 02 2016].

[13] P. Mavrommatis, "Protecting people across the web with Google Safe Browsing," 12 03 2015. [Online]. Available: https://googleblog.blogspot.be/2015/03/protecting-people-across-web-with.html. [Accessed 08 02 2016].

[14] C. Wueest, "Underground black market: Thriving trade in stolen data, malware, and attack services," 20 11 2015. [Online]. Available: http://www.symantec.com/connect/blogs/underground-black-market-thriving-trade-stolen-data-malware-and-attack-services. [Accessed 08 02 2016].

[15] T. Hunt, "Check if you have an account that has been compromised in a data breach," 2016. [Online]. Available: https://haveibeenpwned.com/.

[16] OWASP, "OWASP Top 10," The OWASP Foundation, 2013.

[17] I. Ristić, ModSecurity Handbook, Development Version (revision 629) ed., J. G.-Ristić, Ed., London: Feisty Duck Limited, 2015, p. 379.

[18] ModSecurity, "What Can ModSecurity Do?," [Online]. Available: https://www.modsecurity.org/about.html. [Accessed 09 02 2016].

[19] J. Graham-Cumming, "CloudFlare's new WAF: compiling to Lua," 23 08 2013. [Online]. Available: https://blog.cloudflare.com/cloudflares-new-waf-compiling-to-lua/.

[20] Trustwave Holdings, Inc, "Reference Manual," 2016. [Online]. Available: https://github.com/SpiderLabs/ModSecurity/wiki/Reference-Manual.

[21] Trustwave Holdings, "Trustwave," 2016. [Online]. Available: https://ssl.trustwave.com/web-application-firewall.

[22] OWASP, "The free and open software security community," 2016. [Online]. Available: https://www.owasp.org/index.php/Main_Page.

[23] CVE Details, "The ultimate security vulnerability datasource," 2016. [Online]. Available: https://www.cvedetails.com/.

[24] Materialize, "A modern responsive front-end framework based on Material Design," 2016. [Online]. Available: http://materializecss.com/.

[25] The PHP Group, "Deprecated features in PHP 5.5.x," 2016. [Online]. Available: http://php.net/manual/en/migration55.deprecated.php.

[26] PortSwigger, 2016. [Online]. Available: https://portswigger.net/burp/.

[27] w3techs, "Usage of content management systems for websites," 02 05 2016. [Online]. Available: http://w3techs.com/technologies/overview/content_management/all.

[28] DigitalOcean, "Simple Cloud Computing, Built for Developers," 2016. [Online]. Available: https://www.digitalocean.com/.

[29] M. Pall, "Performance: x86/x64," 2016. [Online]. Available: http://luajit.org/performance_x86.html. [Accessed 21 April 2016].

[30] Symantec, "Internet Security Threat Report Appendices," 5 April 2015. [Online]. Available: https://www4.symantec.com/mktginfo/whitepaper/ISTR/21347931_GA-internet-security-threat-report-volume-20-2015-appendices.pdf. [Accessed 28 February 2016].

[31] Akamai, "State of the Internet," [Online]. Available: https://www.stateoftheinternet.com. [Accessed 25 February 2016].

[32] Trustwave SpiderLabs, "ModSecurity Open Source Web Application Firewall," [Online]. Available: https://www.modsecurity.org. [Accessed 26 January 2016].

[33] The Apache Software Foundation, "Welcome to The Apache Software Foundation!," [Online]. Available: http://www.apache.org. [Accessed 22 February 2016].

[34] Symantec, "Internet Security Threat Report Appendices," 2015.

[35] Akamai, "The Cost of Web Application Attacks," Akamai Technologies, 2015.

University or college: KU Leuven
Thesis year: 2016
Supervisor(s): Gustaaf Vermeulen