Security and Privacy in Communication Networks. 8th International ICST Conference, SecureComm 2012, Padua, Italy, September 3-5, 2012. Revised Selected Papers

Research Article

Detection of Configuration Vulnerabilities in Distributed (Web) Environments

  • @INPROCEEDINGS{10.1007/978-3-642-36883-7_9,
        author={Matteo Casalino and Michele Mangili and Henrik Plate and Serena Ponta},
        title={Detection of Configuration Vulnerabilities in Distributed (Web) Environments},
        proceedings={Security and Privacy in Communication Networks. 8th International ICST Conference, SecureComm 2012, Padua, Italy, September 3-5, 2012. Revised Selected Papers},
        proceedings_a={SECURECOMM},
        year={2013},
        month={2},
        keywords={configuration validation, detection of misconfiguration, web security, distributed environments},
        doi={10.1007/978-3-642-36883-7_9}
    }
    
  • Matteo Casalino
    Michele Mangili
    Henrik Plate
    Serena Ponta
    Year: 2013
    Detection of Configuration Vulnerabilities in Distributed (Web) Environments
    SECURECOMM
    Springer
    DOI: 10.1007/978-3-642-36883-7_9
Matteo Casalino1,*, Michele Mangili1, Henrik Plate1,*, Serena Ponta1,*
  • 1: SAP Research Sophia-Antipolis
*Contact email: matteo.maria.casalino@sap.com, henrik.plate@sap.com, serena.ponta@sap.com

Abstract

Many tools and libraries are readily available to build and operate distributed Web applications. While the setup of operational environments is comparatively easy, practice shows that their continuous secure operation is more difficult to achieve, often resulting in vulnerable systems exposed to the Internet. Authenticated vulnerability scanners and validation tools are a means to detect security vulnerabilities caused by missing patches or misconfiguration, but current approaches center largely on the concepts of hosts and operating systems. This paper presents a language and an approach for the declarative specification and execution of machine-readable security checks for sets of finer-grained system components that depend on each other in a distributed environment. Such a language, building on existing standards, fosters the creation and sharing of security content among security stakeholders. Our approach is exemplified by vulnerabilities of, and corresponding checks for, Open Source Software commonly used in today's Internet applications.
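The abstract's central idea, a declarative check that spans several mutually dependent components rather than a single host, is illustrated by the following added example. It is an editor's toy engine written for this page, not the paper's language or tooling: the component kinds ("proxy", "webapp"), the setting names (`tls_enabled`, `session_cookie_secure`, `debug`) and the two checks are constructed for illustration. A check is pure data: a target component kind plus conditions whose paths refer either to the checked component (`self.<setting>`) or to a component it depends on (`<kind>.<setting>`). Each result is `pass`, `fail` or `unknown`; missing configuration data or a missing dependency yields `unknown` rather than a silent pass, which is the behaviour a practitioner wants from shared security content.

```python
"""Toy declarative configuration-check engine (added illustration, not the
paper's language). Checks are data, components form a dependency graph, and a
single check may constrain settings of several components at once."""
from dataclasses import dataclass, field
import operator

# Comparison operators a condition may use (a real check language would also
# offer pattern matching, version comparison, etc.).
OPS = {
    "eq": operator.eq,
    "ne": operator.ne,
    "in": lambda value, allowed: value in allowed,
}


@dataclass
class Component:
    name: str
    kind: str                                      # e.g. "proxy", "webapp" (hypothetical kinds)
    settings: dict                                 # flattened configuration items
    depends_on: list = field(default_factory=list)  # names of components this one relies on


def resolve(inventory, comp, path):
    """Resolve 'scope.key' to a setting value.

    Scope 'self' is the checked component; any other scope names the kind of
    a component it depends on. Returns (value, None) on success, or
    (None, reason) when the item cannot be resolved, so the caller can report
    'unknown' instead of silently passing or failing.
    """
    scope, key = path.split(".", 1)
    if scope == "self":
        target = comp
    else:
        deps = [inventory[d] for d in comp.depends_on
                if d in inventory and inventory[d].kind == scope]
        if not deps:
            return None, f"{comp.name} has no dependency of kind '{scope}'"
        target = deps[0]
    if key not in target.settings:
        return None, f"{target.name} does not define '{key}'"
    return target.settings[key], None


def evaluate_check(inventory, comp, check):
    """Return ('pass' | 'fail' | 'unknown', [reasons]) for one check on one component."""
    status, reasons = "pass", []
    for cond in check["conditions"]:
        value, problem = resolve(inventory, comp, cond["path"])
        if problem is not None:
            if status != "fail":          # an observed failure outranks missing data
                status = "unknown"        # but missing data never counts as compliant
            reasons.append(problem)
        elif not OPS[cond["op"]](value, cond["value"]):
            status = "fail"
            reasons.append(f"{cond['path']} is {value!r}, expected {cond['op']} {cond['value']!r}")
    return status, reasons


def run_checks(inventory, checks):
    """Evaluate every check against every component of its target kind."""
    results = {}
    for check in checks:
        for comp in inventory.values():
            if comp.kind == check["target"]:
                results[(comp.name, check["id"])] = evaluate_check(inventory, comp, check)
    return results


# Constructed sample content: two declarative checks (hypothetical ids/settings).
CHECKS = [
    {   # cross-component: the app's cookie flag only makes sense if its proxy terminates TLS
        "id": "cookie-secure-behind-tls",
        "target": "webapp",
        "conditions": [
            {"path": "proxy.tls_enabled", "op": "eq", "value": True},
            {"path": "self.session_cookie_secure", "op": "eq", "value": True},
        ],
    },
    {   # single-component check
        "id": "debug-disabled",
        "target": "webapp",
        "conditions": [{"path": "self.debug", "op": "eq", "value": False}],
    },
]

# Constructed sample inventory of a small distributed deployment.
INVENTORY = {c.name: c for c in [
    Component("edge-proxy", "proxy", {"tls_enabled": True}),
    Component("shop-app", "webapp", {"session_cookie_secure": False, "debug": False}, ["edge-proxy"]),
    Component("admin-app", "webapp", {"session_cookie_secure": True, "debug": True}, ["edge-proxy"]),
    Component("legacy-app", "webapp", {}),   # no known proxy, no known settings
]}


def demo():
    """Run the sample checks over the sample inventory and return the results."""
    return run_checks(INVENTORY, CHECKS)


if __name__ == "__main__":
    for (name, check_id), (status, reasons) in sorted(demo().items()):
        print(f"{name:12} {check_id:26} {status:8} {'; '.join(reasons)}")
```

Running it reports `shop-app` failing the cross-component check (cookie not secure even though its proxy terminates TLS), `admin-app` passing it but failing `debug-disabled`, and `legacy-app` as `unknown` on both because neither a proxy dependency nor the relevant settings are known. Keeping checks as data is what lets them be shared among stakeholders independently of the engine that executes them.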