Abstract
Web-based Learning Management Systems, as in the nature of web-applications, are subject to attacks delivered through Internet, mainly aiming at accessing restricted data for illegal use. Protection from these kinds of threats is studied in the area of web applications and has been steadily improving in the last years. Nonetheless, especially in the area of very popular and easy-to-install web applications, such as Content Managements Systems, Blogs, and open source Learning Management Systems, the usual way to protect an installed system is to wait that weaknesses in the system software are discovered, and “patches” or new system releases are made available for installation. And this can be necessary also in cases in which no new threat technique has been discovered, while just another part of the system software has been detected as “weak” to that type of attack. Here we give an account of the most usual “exploit” techniques, known to be available, and describe a prototype methodology to equip certain Learning Management Systems (namely the open source ones, in particular those based on PHP engines) with a more stable protection, making it unnecessary to patch, or reinstall, a system in a hurry, after that minor weaknesses have been unveiled. The plug-in for a system is supposed to filter the input, sent by the user through a browser, and to avoid execution of server activities on suspect data. We test the methodology on Moodle, by producing a suitable plug-in, and verifying its success at system run-time.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
Similar content being viewed by others
References
Hope, P., Walther, B.: Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast. O’Reilly, Sebastopol (2008)
Kurose, R.: Computer networking: a top-down approach. Addison-Wesley, Reading (2009)
OWASP. A Guide to Building Secure Web Applications and Web Services, http://www.owasp.org/index.php/Category:OWASP_Guide_Project
OWASP. Owasp Testing Guide v3, http://www.owasp.org/index.php/Category:OWASP_Testing_Project
AA.VV. ModSecurity web site, http://www.modsecurity.org
AA.VV. php-ids web site, http://php-ids.org
AA.VV. PHP Scripting Language. Main reference, http://www.php.net
AAVV. Moodle Learning Management System. Main reference, http://www.moodle.org
AA.VV. Wapity scanner web site, http://wapiti.sourceforge.net/
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2010 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Braga, G., Sterbini, A., Temperini, M. (2010). A Threats Blocking Plug-in for Open Source Learning Management Systems. In: Lytras, M.D., et al. Technology Enhanced Learning. Quality of Teaching and Educational Reform. TECH-EDUCATION 2010. Communications in Computer and Information Science, vol 73. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13166-0_77
Download citation
DOI: https://doi.org/10.1007/978-3-642-13166-0_77
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-642-13165-3
Online ISBN: 978-3-642-13166-0
eBook Packages: Computer ScienceComputer Science (R0)