Abstract
Switching modes is a general mechanism that is used in many domains. We have suggested to use it for security purposes to make systems more resilient when vulnerabilities are known or when attacks are performed. OWASP provides several vulnerable web applications for testing and training security skills. We have the idea of applying mode switching to one of these applications in order to demonstrate its usefulness in increasing security. We have chosen Juice Shop as our sample application. In this paper (i) we suggest a multi-modal architecture for web applications; (ii) we present Juice Shop as our web application scenario; and (iii) we show first reflections on how mode switching can reduce attack surfaces and, thus, increase resilience.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
References
Chen, T., Phan, L.T.: SafeMC: a system for the design and evaluation of mode-change protocols. In: 2018 IEEE RTAS, pp. 105–116 (2018). https://doi.org/10.1109/RTAS.2018.00021
Fail2ban: Manual Fail2ban 0.8. https://www.fail2ban.org/wiki/index.php/MANUAL_0_8
Firesmith, D.: System Resilience: What Exactly is it? https://insights.sei.cmu.edu/blog/system-resilience-what-exactly-is-it/
Joint Task Force Interagency Working Group: Security and Privacy Controls for Information Systems and Organizations. US NIST, revision 5 edn. (2020). https://doi.org/10.6028/NIST.SP.800-53r5
Kimminich, B.: Pwning OWASP Juice Shop. OWASP Foundation, Inc. (2021). https://pwning.owasp-juice.shop/
Liu, Y., Cannell, J.C., Coffman, J.H.: Gannon university hackathon: a combination of virtual and onsite education event to recruit high-school students within cybersecurity major. In: 2020 IEEE FIE, pp. 1–4 (2020)
Microsoft: What is Azure Web Application Firewall on Azure Application Gateway? - Azure Web Application Firewall (2020). https://docs.microsoft.com/en-us/azure/web-application-firewall/ag/ag-overview
OWASP: OWASP Juice Shop. https://owasp.org/www-project-juice-shop/
OWASP: OWASP Top Ten. https://owasp.org/www-project-top-ten/
Riegler, M., Sametinger, J.: Mode switching from a security perspective: first findings of a systematic literature review. In: Kotsis, G., et al. (eds.) DEXA 2020. CCIS, vol. 1285, pp. 63–73. Springer, Cham (2020). https://doi.org/10.1007/978-3-030-59028-4_6
Riegler, M., Sametinger, J., Vierhauser, M., Wimmer, M.: Automatic mode switching based on security vulnerability scores. In: Submitted for Publication (2021)
Thompson, M., Mendolla, M., Muggler, M., Ike, M.: Dynamic application rotation environment for moving target defense. In: 2016 Resilience Week (RWS), pp. 17–26, August 2016. https://doi.org/10.1109/RWEEK.2016.7573301
US Nuclear Regulatory Commission (NRC): Standard Technical Specifications - Operating and New Reactors - Current Versions (2019). https://www.nrc.gov/reactors/operating/licensing/techspecs/current-approved-sts.html
Acknowledgement
This work has partially been supported by the LIT Secure and Correct Systems Lab funded by the State of Upper Austria.
Author information
Authors and Affiliations
Corresponding authors
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2021 Springer Nature Switzerland AG
About this paper
Cite this paper
Riegler, M., Sametinger, J. (2021). Mode Switching for Secure Web Applications – A Juice Shop Case Scenario. In: Kotsis, G., et al. Database and Expert Systems Applications - DEXA 2021 Workshops. DEXA 2021. Communications in Computer and Information Science, vol 1479. Springer, Cham. https://doi.org/10.1007/978-3-030-87101-7_1
Download citation
DOI: https://doi.org/10.1007/978-3-030-87101-7_1
Published:
Publisher Name: Springer, Cham
Print ISBN: 978-3-030-87100-0
Online ISBN: 978-3-030-87101-7
eBook Packages: Computer ScienceComputer Science (R0)