Assessing of Web Application Resiliency against Flooding DoS Attacks in the Business Layer

Q: How can I download an article?

To download an article from SID, first log in to the site, search for the article title, and click on the 'Download Article' option.

Q: How can I download an ISI article?

To download an ISI article on SID, enter the keyword or article title in the search bar, view the relevant results, click on the desired article, and select the 'Download Article' option.

Q: How can I access the SID database?

To access the SID database, visit SID.ir, create an account, and log in to access scientific resources.

Q: Is downloading articles from SID free?

Some articles on SID are available for free, while others require payment. Details are specified on the article's page.

ALIDOOSTI M.; NOWROOZI A.; Nickabadi A.

مرکز اطلاعات علمی Scientific Information Database (SID) - Trusted Source for Research and Academic Resources

Journal Paper

Paper Information

Journal: TABRIZ JOURNAL OF ELECTRICAL ENGINEERING Year:2019 | Volume:49 | Issue:4 (90) Page(s): 1757-1767

Download Full-Text

Persian Verion

View:

254

Download:

Cites:

Information Journal Paper

Title

Assessing of Web Application Resiliency against Flooding DoS Attacks in the Business Layer

Author(s)

ALIDOOSTI M. | NOWROOZI A. | Nickabadi A. | Issue Writer Certificate

Keywords

Black-box testingQ1

Business layerQ1

Business logic processQ1

DoS test ScenarioQ1

Abstract

According to IMPERVA report, application layer DoS attacks have involved about 60 percent of total DoS attacks. Today, attacks have been transferred to the Business layer. Web application vulnerability scanners cannot detect business logic vulnerabilities (vulnerabilities related to logic). This paper presents BLDAST, A dynamic and black-box vulnerability analysis approach that identify business logic vulnerabilities of a web application against flooding DoS attacks. BLDAST assesses web application resiliency against flooding DoS attacks in the Business layer. BLDAST first extracts Business logic processes of a web application. Business logic processes with high overload are selected and finally, based on selected processes, BLDAST runs Business layer DoS test Scenarios. The evaluation conducted on four well-known open source web applications shows that BLDAST is able to detect business logic vulnerabilities. In addition, we show that an attacker in business logic attacks can exhaust target by consuming only one percent of his resources in comparison to other layers attacks. Therefore, business logic attacks are very dangerous and BLDAST is able to identify vulnerable web applications against these attacks.

Cites

No record.

References

No record.

Cite

APA: Copy

ALIDOOSTI, M., NOWROOZI, A., & Nickabadi, A.. (2019). Assessing of Web Application Resiliency against Flooding DoS Attacks in the Business Layer. TABRIZ JOURNAL OF ELECTRICAL ENGINEERING, 49(4 (90) ), 1757-1767. SID. https://sid.ir/paper/401774/en

Vancouver: Copy

ALIDOOSTI M., NOWROOZI A., Nickabadi A.. Assessing of Web Application Resiliency against Flooding DoS Attacks in the Business Layer. TABRIZ JOURNAL OF ELECTRICAL ENGINEERING[Internet]. 2019;49(4 (90) ):1757-1767. Available from: https://sid.ir/paper/401774/en

IEEE: Copy

M. ALIDOOSTI, A. NOWROOZI, and A. Nickabadi, “Assessing of Web Application Resiliency against Flooding DoS Attacks in the Business Layer,” TABRIZ JOURNAL OF ELECTRICAL ENGINEERING, vol. 49, no. 4 (90) , pp. 1757–1767, 2019, [Online]. Available: https://sid.ir/paper/401774/en

Related Journal Papers

No record.

Related Seminar Papers

No record.

Related Plans

No record.

Recommended Workshops