Abstract

It has been discovered in recent years that the Internet attacks started by improper authorization on Web servers and Web applications. The top 10 Web vulnerabilities issued by OWASP and the top 20 security risks issued by SANS demonstrated that Web attacks is one of the most important network security problems. Therefore, with the help from Web attack taxonomy, we can classify the attack type with vulnerability characteristic and efficiently response with actions and find the characteristic. The new taxonomy proposed by this research is based on the HTTP methond that include dangerous methond such as PUT, DELETE, TRACE, and CONNECT. When threat events occur in network systems, we could more effectively categorize the possible malicious attacks with the proposed taxonomy.