Abstract
This paper presents a novel approach to study, identify, and evaluate the security mechanisms in place across various Web server platforms. These security mechanisms are collected and compiled from various sources. A set of security checks is framed to identify the implementation of these security mechanisms in diverse Web server platforms. The paper concludes with a case study that implements this approach.
Copyright information
© 2019 Springer Nature Singapore Pte Ltd.
About this paper
Cite this paper
Aaqib, S.M., Sharma, L. (2019). Evaluation and Comparison of Security Mechanisms In-Place in Various Web Server Systems. In: Hoda, M., Chauhan, N., Quadri, S., Srivastava, P. (eds) Software Engineering. Advances in Intelligent Systems and Computing, vol 731. Springer, Singapore. https://doi.org/10.1007/978-981-10-8848-3_42
DOI: https://doi.org/10.1007/978-981-10-8848-3_42
Publisher Name: Springer, Singapore
Print ISBN: 978-981-10-8847-6
Online ISBN: 978-981-10-8848-3
eBook Packages: Engineering, Engineering (R0)