Quantitative assessment on remote code execution vulnerability in web apps

Md. Maruf, Hassan and Umam, Mustain and Sabira, Khatun and Mohamad Shaiful, Abdul Karim and Nazia, Nishat and Mostafijur, Rahman (2019) Quantitative assessment on remote code execution vulnerability in web apps. In: 5th International Conference on Electrical, Control and Computer Engineering (INECCE 2019), 29-30 July 2019 , Swiss Garden Kuantan. pp. 1-11.. (Unpublished)

[img] Pdf
34. Quantitative assessment on remote code execution vulnerability.pdf
Restricted to Repository staff only

Download (239kB) | Request a copy
34.1 Quantitative assessment on remote code execution vulnerability.pdf

Download (90kB) | Preview


With the exponential increasing use of online tools, applications that are being made for day to day purpose by small and large industries, the threat of exploitation is also increasing. Remote Code Execution (RCE) is one of the top most critical and serious web applications vulnerability of this era and one of the major concerns among cyber threats ,which can exploit web servers through their functionalities and using their scripts/files. RCE is an application layer vulnerability caused by careless coding practice which leads to a huge security breach that may bring unwanted resource loss or damages. Attacker may execute malicious code and take complete control of the targeted system with the privileges of an authentic user with this vulnerability. Attackers can attempt to advance their privileges after gaining access to the system. Remote Code Execution can lead to a full compromise of the vulnerable web application as well as the web server. This chapter highlights the concern and risk needed to put under consideration caused by RCE vulnerability of a system. Moreover, this study and its findings will help application developers and its stakeholders to understand the risk of data compromise and unauthorized access of the system. Around 1011 web applications were taken under consideration and experiment was done by following manual double blinded penetration testing strategy. The experiments shows that more than 12% web application were found vulnerable with RCE. This study also explicitly listed down the critical factors of Remote Code Execution vulnerability and improper input handling. The experimental results are promising to motivate developers to focus on security enhancement through proper and safe input handling.

Item Type: Conference or Workshop Item (Lecture)
Uncontrolled Keywords: Web Application Vulnerabilities; Remote Code Execution (RCE); Input Validation; Data Breach.
Subjects: T Technology > TK Electrical engineering. Electronics Nuclear engineering
Faculty/Division: Faculty of Electrical & Electronic Engineering
Depositing User: Pn. Hazlinda Abd Rahman
Date Deposited: 17 Dec 2019 03:33
Last Modified: 17 Dec 2019 03:33
URI: http://umpir.ump.edu.my/id/eprint/25982
Download Statistic: View Download Statistics

Actions (login required)

View Item View Item