Sciweavers

USS
2010

Toward Automated Detection of Logic Vulnerabilities in Web Applications

13 years 7 months ago
Toward Automated Detection of Logic Vulnerabilities in Web Applications
Web applications are the most common way to make services and data available on the Internet. Unfortunately, with the increase in the number and complexity of these applications, there has also been an increase in the number and complexity of vulnerabilities. Current techniques to identify security problems in web applications have mostly focused on input validation flaws, such as crosssite scripting and SQL injection, with much less attention devoted to application logic vulnerabilities. Application logic vulnerabilities are an important class of defects that are the result of faulty application logic. These vulnerabilities are specific to the functionality of particular web applications, and, thus, they are extremely difficult to characterize and identify. In this paper, we propose a first step toward the automated detection of application logic vulnerabilities. To this end, we first use dynamic analysis and observe the normal operation of a web application to infer a simple set of ...
Viktoria Felmetsger, Ludovico Cavedon, Christopher
Added 15 Feb 2011
Updated 15 Feb 2011
Type Journal
Year 2010
Where USS
Authors Viktoria Felmetsger, Ludovico Cavedon, Christopher Kruegel, Giovanni Vigna
Comments (0)