The study addresses the aspect of the web service that can withstand a DoS or DDoS attack. Most of the tests yielded many high-level vulnerabilities, including but not limited to joint password enforcement, less secure configurations, and exposure of software vulnerabilities. Different research recommended considering one or more defense layers to alleviate these issues. The exercise recommended improvement with respect to sound password policies, secure configuration server-based, and patching towards vulnerability correction. Besides, emphasis has also been laid on reliable backup processes, safe configurations, and safe integration of application data. Steganographic application employs means of hiding sensitive data within images, which shows an interesting but hidden alternative means of ensuring maximum sanctity about extremely sensitive communications. This paper’s output can serve as a guideline to inspire organizations into preemptively acting to safeguard their interests concerning their web resources. State-of-the-art documentation of tools, methodologies, and findings will be interpreted as a valid framework for conducting a security assessment study. Reveal flaws in the code during source code examination and test runtime behaviors to capture vulnerabilities both pre-deployment and runtime. Advanced SSL/TLS Configuration Scanning Tools: SSLyze, testssl.sh, Qualys SSL Labs API. Detection Includes: Weak cipher suites (RC4, DES); Improper certificate chains; Memory leak-like defects (Heartbleed). Container and CI/CD Pipeline Scanning Tools: Trivy, Clair, Anchore. Purpose: To find vulnerabilities in Docker images, Kubernetes configurations, and GitHub workflows.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Comprehensive Web Service Security Audit and Data Concealment Using Advanced Vulnerability Detection and Steganography Techniques

  • E. Geetha Rani,
  • Lavanya Naik,
  • Putta Hemalatha,
  • Ratikanta Mahi,
  • K. Ramakalyani,
  • B. Gurusneha

摘要

The study addresses the aspect of the web service that can withstand a DoS or DDoS attack. Most of the tests yielded many high-level vulnerabilities, including but not limited to joint password enforcement, less secure configurations, and exposure of software vulnerabilities. Different research recommended considering one or more defense layers to alleviate these issues. The exercise recommended improvement with respect to sound password policies, secure configuration server-based, and patching towards vulnerability correction. Besides, emphasis has also been laid on reliable backup processes, safe configurations, and safe integration of application data. Steganographic application employs means of hiding sensitive data within images, which shows an interesting but hidden alternative means of ensuring maximum sanctity about extremely sensitive communications. This paper’s output can serve as a guideline to inspire organizations into preemptively acting to safeguard their interests concerning their web resources. State-of-the-art documentation of tools, methodologies, and findings will be interpreted as a valid framework for conducting a security assessment study. Reveal flaws in the code during source code examination and test runtime behaviors to capture vulnerabilities both pre-deployment and runtime. Advanced SSL/TLS Configuration Scanning Tools: SSLyze, testssl.sh, Qualys SSL Labs API. Detection Includes: Weak cipher suites (RC4, DES); Improper certificate chains; Memory leak-like defects (Heartbleed). Container and CI/CD Pipeline Scanning Tools: Trivy, Clair, Anchore. Purpose: To find vulnerabilities in Docker images, Kubernetes configurations, and GitHub workflows.