Authors: Ha Thanh Le; Peter Loh; Chiew Tong Lau
Addresses: Interdisciplinary Centre for Security, Reliability and Trust, University of Luxembourg, 4, rue Alphonse Weicker, L-2721, Luxembourg ' Singapore Institute of Technology, 10 Dover Drive, 138683, Singapore ' School of Computer Engineering, Nanyang Technological University, Block N4, #02B-58, Nanyang Avenue, 639798, Singapore
Abstract: The stealthy reconnaissance phase is crucial in a cyber-attack. The reconnaissance tools usually limit themselves from balancing between collecting most targets' information possible while hiding itself from being detected by target's defence systems. We assert the role of reconnaissance in web application security attack and evaluate the selected reconnaissance tools in both effectiveness (information gained) and stealth level. We experimentally realised that the reconnaissance tools employing a botnet (or bot, or zombie)-based model has high performance (high level of stealth and little information loss).
Keywords: web application security; cyber attacks; stealthy reconnaissance; botnet model reconnaissance; performance evaluation; cyber reconnaissance; stealth level; information loss; web applications.
International Journal of Information Privacy, Security and Integrity, 2016 Vol.2 No.3, pp.177 - 196
Available online: 23 Aug 2016 *Full-text access for editors Access for subscribers Purchase this article Comment on this article