icon-carat-right menu search cmu-wordmark
Carnegie Mellon University

Network Monitoring for Web-Based Threats

Technical Report
By
In this report, Matthew Heckathorn models the approach an attacker would take and provides detection or prevention methods to counter that approach.
Publisher

Software Engineering Institute

CMU/SEI Report Number
CMU/SEI-2011-TR-005
DOI (Digital Object Identifier)
10.1184/R1/6575756.v1
Topic or Tag

Abstract

This report models the approach a focused attacker would take in order to breach an organization through web-based protocols and provides detection or prevention methods to counter that approach. It discusses the means an attacker takes to collect information about the organization's web presence. It also describes several threat types, including configuration management issues, authorization problems, data validation issues, session management issues, and cross-site attacks. Individual threats within each type are examined in detail, with examples (where applicable) and a potential network monitoring solution provided. For quick reference, the appendix includes all potential network monitoring solutions for the threats described in the report. Due to the ever-changing entity that is the web, the threats and protections outlined in the report are not to be taken as the definitive resource on web-based attacks. This report is meant to be a starting reference point only.

SHARE
Download PDF
Cite This Technical Report

Heckathorn, M. (2011, February 1). Network Monitoring for Web-Based Threats. (Technical Report CMU/SEI-2011-TR-005). Retrieved November 23, 2024, from https://doi.org/10.1184/R1/6575756.v1.

@techreport{heckathorn_2011,
author={Heckathorn, Matthew},
title={Network Monitoring for Web-Based Threats},
month={{Feb},
year={{2011},
number={{CMU/SEI-2011-TR-005},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6575756.v1},
note={Accessed: 2024-Nov-23}
}

Heckathorn, Matthew. "Network Monitoring for Web-Based Threats." (CMU/SEI-2011-TR-005). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, February 1, 2011. https://doi.org/10.1184/R1/6575756.v1.

M. Heckathorn, "Network Monitoring for Web-Based Threats," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2011-TR-005, 1-Feb-2011 [Online]. Available: https://doi.org/10.1184/R1/6575756.v1. [Accessed: 23-Nov-2024].

Heckathorn, Matthew. "Network Monitoring for Web-Based Threats." (Technical Report CMU/SEI-2011-TR-005). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Feb. 2011. https://doi.org/10.1184/R1/6575756.v1. Accessed 23 Nov. 2024.

Heckathorn, Matthew. Network Monitoring for Web-Based Threats. CMU/SEI-2011-TR-005. Software Engineering Institute. 2011. https://doi.org/10.1184/R1/6575756.v1

Ask a question about this Technical Report