Modeling the owasp most critical web attacks

Abstract

The tremendous growth of the web-based applications has increased information security vulnerabilities over the Internet. The threat landscape of applications security is constantly evolving (see CVE 1. published reports 2.). The key factors in this evolution are the progress made by the attackers, the emergence of new technologies with new weaknesses, as well as more integrated defenses, and the deployment of increasingly complex systems. Our contribution’s goal is to build a common model of the most famous and dangerous WEB attacks which will allow us to better understand those attacks and hence, adopt the most adapted security strategy to a given business and technical environment. This modeling can also be useful to the problematic of intrusion detection systems evaluation. We have relied on the OWASP TOP 10 classification of the most recent critical WEB attacks 3. and we deduced at the end of this paper a global modeling of all these attacks.