Advances in Web and Network Security

The field of web and network security is rapidly evolving, with a growing focus on identifying and mitigating vulnerabilities in complex systems. Recent research has highlighted the importance of automated testing and fuzzing frameworks in uncovering security flaws in web APIs and network protocols. The use of grammar-based fuzzing and automated bug detection has shown promise in identifying previously unknown vulnerabilities, and has the potential to significantly improve the security of web and network systems. Notably, the development of open-source security testing tools has made it possible to effectively test web APIs for broken authentication and other security risks. Furthermore, time series analysis of vulnerability patching has provided valuable insights into the stability of vulnerable products and components, and the growing security debt in software maintenance. Overall, the field is moving towards a more proactive and systematic approach to security analysis and vulnerability mitigation. Noteworthy papers include:

  • A paper presenting FivGeeFuzz, a grammar-based fuzzing framework that discovered 8 previously unknown vulnerabilities in a 5G core network implementation.
  • A paper introducing AuthREST, an open-source security testing tool that effectively improves web API security by automatically testing for broken authentication vulnerabilities.

Sources

Cross-Service Token: Finding Attacks in 5G Core Networks

Automated Testing of Broken Authentication Vulnerabilities in Web APIs with AuthREST

Vulnerability Patching Across Software Products and Software Components: A Case Study of Red Hat's Product Portfolio

Security Analysis of Web Applications Based on Gruyere

Built with on top of