Skip to main content
SpringerLink
Log in

A Threats Blocking Plug-in for Open Source Learning Management Systems

  • Conference paper
Technology Enhanced Learning. Quality of Teaching and Educational Reform (TECH-EDUCATION 2010)

Part of the book series: Communications in Computer and Information Science ((CCIS,volume 73))

Included in the following conference series:

Abstract

Web-based Learning Management Systems, as in the nature of web-applications, are subject to attacks delivered through Internet, mainly aiming at accessing restricted data for illegal use. Protection from these kinds of threats is studied in the area of web applications and has been steadily improving in the last years. Nonetheless, especially in the area of very popular and easy-to-install web applications, such as Content Managements Systems, Blogs, and open source Learning Management Systems, the usual way to protect an installed system is to wait that weaknesses in the system software are discovered, and “patches” or new system releases are made available for installation. And this can be necessary also in cases in which no new threat technique has been discovered, while just another part of the system software has been detected as “weak” to that type of attack. Here we give an account of the most usual “exploit” techniques, known to be available, and describe a prototype methodology to equip certain Learning Management Systems (namely the open source ones, in particular those based on PHP engines) with a more stable protection, making it unnecessary to patch, or reinstall, a system in a hurry, after that minor weaknesses have been unveiled. The plug-in for a system is supposed to filter the input, sent by the user through a browser, and to avoid execution of server activities on suspect data. We test the methodology on Moodle, by producing a suitable plug-in, and verifying its success at system run-time.

This is a preview of subscription content, log in via an institution to check access.

Access this chapter

Log in via an institution
Chapter
USD 29.95
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
eBook
USD 84.99
Price excludes VAT (USA)
  • Available as PDF
  • Read on any device
  • Instant download
  • Own it forever
Softcover Book
USD 109.99
Price excludes VAT (USA)
  • Compact, lightweight edition
  • Dispatched in 3 to 5 business days
  • Free shipping worldwide - see info

Tax calculation will be finalised at checkout

Purchases are for personal use only

Institutional subscriptions

Preview

Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.

Similar content being viewed by others

References

  1. Hope, P., Walther, B.: Web Security Testing Cookbook: Systematic Techniques to Find Problems Fast. O’Reilly, Sebastopol (2008)

    Google Scholar 

  2. Kurose, R.: Computer networking: a top-down approach. Addison-Wesley, Reading (2009)

    Google Scholar 

  3. OWASP. A Guide to Building Secure Web Applications and Web Services, http://www.owasp.org/index.php/Category:OWASP_Guide_Project

  4. OWASP. Owasp Testing Guide v3, http://www.owasp.org/index.php/Category:OWASP_Testing_Project

  5. AA.VV. ModSecurity web site, http://www.modsecurity.org

  6. AA.VV. php-ids web site, http://php-ids.org

  7. AA.VV. PHP Scripting Language. Main reference, http://www.php.net

  8. AAVV. Moodle Learning Management System. Main reference, http://www.moodle.org

  9. AA.VV. Wapity scanner web site, http://wapiti.sourceforge.net/

Download references

Author information

Authors and Affiliations

  1. Department of Computer and System Sciences, Sapienza University of Rome, Via Ariosto 25, I-00185, Rome, Italy

    Gianluca Braga & Marco Temperini

  2. Department of Computer Science, Sapienza University of Rome, Via Salaria 113, I-00198, Rome, Italy

    Andrea Sterbini

Authors
  1. Gianluca Braga
    View author publications

    You can also search for this author in PubMed Google Scholar

  2. Andrea Sterbini
    View author publications

    You can also search for this author in PubMed Google Scholar

  3. Marco Temperini
    View author publications

    You can also search for this author in PubMed Google Scholar

Editor information

Editors and Affiliations

  1. The American College of Greece, Gerakas Attikis, Greece

    Miltiadis D. Lytras

  2. University of Oviedo, Spain

    Patricia Ordonez De Pablos

  3. ESSEC Business School, Cergy Pontoise Cedex, France

    David Avison

  4. Villanova University, Villanova, PA, USA

    Janice Sipior

  5. Dept. Human Informatics and Cognitive Sciences, Waseda University, 2-579-15 Mikajima, Tokorozawa, 359-1192, Saitama, Japan

    Qun Jin

  6. Hamburg University of Applied Sciences, Hamburg, Germany

    Walter Leal

  7. Staffordshire University, Becaonside, Stafford, UK

    Lorna Uden

  8. Nagoya University of Commerce and Business, Japan

    Michael Thomas

  9. Trieste University, Italy

    Sara Cervai

  10. The American College of Greece, Aghia Paraskevi, Greece

    David Horner

Rights and permissions

Reprints and permissions

Copyright information

© 2010 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Braga, G., Sterbini, A., Temperini, M. (2010). A Threats Blocking Plug-in for Open Source Learning Management Systems. In: Lytras, M.D., et al. Technology Enhanced Learning. Quality of Teaching and Educational Reform. TECH-EDUCATION 2010. Communications in Computer and Information Science, vol 73. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-13166-0_77

Download citation

  • DOI: https://doi.org/10.1007/978-3-642-13166-0_77

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-13165-3

  • Online ISBN: 978-3-642-13166-0

  • eBook Packages: Computer ScienceComputer Science (R0)

Publish with us

Policies and ethics

Search

Navigation