Proactive Web Server Protocol for Complaint Assessment
This work addresses security testing for web server software, but it appears incremental as it builds on existing techniques like fuzzers and vulnerability scanners.
The paper tackles the problem of insufficient security testing in server software by proposing a proactive vulnerability attack injection tool that can address most vulnerabilities or security flaws, though no concrete performance numbers are provided.
Vulnerability Discovery with attack Injection security threats are increasing for the server software, when software is developed, the software tested for the functionality. Due to unawareness of software vulnerabilities most of the software before pre-Release the software should be thoroughly tested for not only functionality reliability, but should be tested for the security flows (or) vulnerabilities. The approaches such as fuzzers, Fault injection, vulnerabilities scanners, static vulnerabilities analyzers, Run time prevention mechanisms and software Rejuvenation are identifying the un-patched software which is open for security threats address to solve the problem "security testing". These techniques are useful for generating attacks but cannot be extendable for the new land of attacks. The system called proactive vulnerability attack injection tool is suitable for adding new attacks injection vectors, methods to define new protocol states (or) Specification using the interface of tool includes Network server protocol specification using GUI, Attacks generator, Attack injector, monitoring module at the victim injector, monitoring module at the victim machine and the attacks injection report generation. This tool can address most of the vulnerabilities (or) security flows.