Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ICST
2011
IEEE
2011
IEEE
Tailored Shielding and Bypass Testing of Web Applications
User input validation is a technique to counter attacks on web applications. In typical client-server architectures, this validation is performed on the client side. This is inefficient because hackers bypass these checks and directly send malicious data to the server. User input validation thus has to be duplicated from the client-side (HTML pages) to the server-side (PHP or JSP etc.). We present a black-box approach for shielding and testing web application against bypass attacks. We automatically analyze HTML pages in order to extract all the constraints on user inputs in addition to the JavaScript validation code. Then, we leverage these constraints for an automated synthesis of a shield, a reverse-proxy tool that protects the server side. The originality and main contribution of this paper is to offer a solution specifically tailored to the web application, through a preliminary learning/analysis step. An experimental study on several open-source webapplications evaluates the eff...
Real-time TrafficRelated Content
| Added | 21 Aug 2011 |
| Updated | 21 Aug 2011 |
| Type | Journal |
| Year | 2011 |
| Where | ICST |
| Authors | Tejeddine Mouelhi, Yves Le Traon, Erwan Abgrall, Benoit Baudry, Sylvain Gombault |
Comments (0)
Researcher Info
|
