{"title":"混合云中通道API安全快速渗透测试(通道API动态防御)","authors":"Luiza Nacshon, Anna Sandler","doi":"10.5121/csit.2023.130308","DOIUrl":null,"url":null,"abstract":"The goal of this research is to explore the security aspects of the hybrid Cloud Channel API world in greater depth and develop a rapid penetration testing tool that will help security researchers test Cloud Channel API security more effectively. The research proposes an innovative proxy-based solution for a rapid reactive test implementing a dynamic defence for channel API in the hybrid cloud. The proxy-based solution executes security testing rules against the channel API requests and validates weaknesses or vulnerabilities as a dynamic defence. Malicious or vulnerable requests may be denied/dropped/alerted, the results and decisions will be reflected in the APImanagement dashboard. In the scope of the paper we focus on known API attacks and in the future work we are going to have a machine learning algorithm for unknown and new channel API attacks.","PeriodicalId":299543,"journal":{"name":"Natural Language Processing, Information Retrieval and AI","volume":"46 1","pages":"0"},"PeriodicalIF":0.0000,"publicationDate":"2023-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"Rapid Penetration Test for Securing Channel APIs in Hybrid Cloud (Dynamic Defense of Channel API)\",\"authors\":\"Luiza Nacshon, Anna Sandler\",\"doi\":\"10.5121/csit.2023.130308\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"The goal of this research is to explore the security aspects of the hybrid Cloud Channel API world in greater depth and develop a rapid penetration testing tool that will help security researchers test Cloud Channel API security more effectively. The research proposes an innovative proxy-based solution for a rapid reactive test implementing a dynamic defence for channel API in the hybrid cloud. The proxy-based solution executes security testing rules against the channel API requests and validates weaknesses or vulnerabilities as a dynamic defence. Malicious or vulnerable requests may be denied/dropped/alerted, the results and decisions will be reflected in the APImanagement dashboard. In the scope of the paper we focus on known API attacks and in the future work we are going to have a machine learning algorithm for unknown and new channel API attacks.\",\"PeriodicalId\":299543,\"journal\":{\"name\":\"Natural Language Processing, Information Retrieval and AI\",\"volume\":\"46 1\",\"pages\":\"0\"},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2023-02-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Natural Language Processing, Information Retrieval and AI\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.5121/csit.2023.130308\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Natural Language Processing, Information Retrieval and AI","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.5121/csit.2023.130308","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}
Rapid Penetration Test for Securing Channel APIs in Hybrid Cloud (Dynamic Defense of Channel API)
The goal of this research is to explore the security aspects of the hybrid Cloud Channel API world in greater depth and develop a rapid penetration testing tool that will help security researchers test Cloud Channel API security more effectively. The research proposes an innovative proxy-based solution for a rapid reactive test implementing a dynamic defence for channel API in the hybrid cloud. The proxy-based solution executes security testing rules against the channel API requests and validates weaknesses or vulnerabilities as a dynamic defence. Malicious or vulnerable requests may be denied/dropped/alerted, the results and decisions will be reflected in the APImanagement dashboard. In the scope of the paper we focus on known API attacks and in the future work we are going to have a machine learning algorithm for unknown and new channel API attacks.
求助内容:
应助结果提醒方式:
京公网安备 11010802042870号
