Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications

Sudhodanan, Avinash; Armando, Alessandro; Carbone, Roberto; Compagna, Luca

doi:10.14722/ndss.2016.23286

Cited by 29 publications

(15 citation statements)

References 16 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Even though these works add towards test automation, complete automation of the security testing process remains a very active challenge. Recent works on XSS vulnerability detection include unit testing methods that can detect XSS vulnerabilities which cannot be found by static analysis tools [16] and attack patterns for black-box security testing of web applications [19].…”

Section: Related Workmentioning

confidence: 99%

A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing

Simos

Kleine

Ghandehari

et al. 2016

Testing Software and Systems

View full text Add to dashboard Cite

Web applications typically employ sanitization functions to sanitize user inputs, independently whether this input is assumed to be legitimate, invalid or malicious. When such functions do not work correctly, a web application immediately becomes vulnerable to security attacks such as XSS. In this paper, we report a combinatorial approach to analyze XSS vulnerabilities in web applications. Our approach first performs combinatorial testing where a set of test vectors is executed against a subject application. If one or more XSS vulnerabilities are triggered during testing, we analyze the structure of each test vector to identify XSS-inducing combinations of its parameter model. If an attack vector contains an XSS-inducing combination, then the execution of this vector will successfully exploit an XSS vulnerability. Identification of XSS-inducing combinations provides insights about which kinds of user input might still be leverageable for XSS attacks and how to correct the function to provide better security guarantees. We conducted an experiment in which our approach was applied to four sanitization functions from the Web Application Vulnerability Scanner Evaluation Project (WAVSEP). The experimental results show that our approach can effectively identify XSS-inducing combinations for these sanitization functions.

show abstract

Section: Related Workmentioning

confidence: 99%

A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing

Simos

Kleine

Ghandehari

et al. 2016

Testing Software and Systems

View full text Add to dashboard Cite

show abstract

“…As future work, we also plan to extend the analysis to other authentication factors, such as biometric traits. In addition, an interesting future direction could be to establish a collaboration with researchers focused on vulnerability detection of SSO and MFA protocols (e.g., [51,54,50,56] for OAuth and OIDC) in order to provide a…”

Section: Discussionmentioning

confidence: 99%

Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login

Sciarretta¹,

Carbone²,

Ranise³

et al. 2020

ACM Trans. Priv. Secur.

Self Cite

View full text Add to dashboard Cite

Over the last few years, there has been an almost exponential increase in the number of mobile applications that deal with sensitive data, such as applications for e-commerce or health. When dealing with sensitive data, classical authentication solutions based on username-password pairs are not enough, and multi-factor authentication solutions that combine two or more authentication factors of different categories are required instead. Even if several solutions are currently used, their security analyses have been performed informally or semiformally at best, and without a reference model and a precise definition of the multi-factor authentication property. This makes a comparison among the different solutions both complex and potentially misleading. In this article, we first present the design of two reference models for native applications based on the requirements of two real-world use-case scenarios. Common features between them are the use of one-time password approaches and the support of a single sign-on experience. Then, we provide a formal specification of our threat model and the security goals, and discuss the automated security analysis that we performed. Our formal analysis validates the security goals of the two reference models we propose and provides an important building block for the formal analysis of different multi-factor authentication solutions.

show abstract

“…Further offensive testing approaches against web applications and networks can be found in Duchene et al (2014), Felderer et al (2016, Sudhodanan et al (2016), andShameli-Sendi et al (2017), respectively. A general introduction and analysis of model-based testing is elaborated in Krämer and Legeard (2016) .…”

Section: Related Workmentioning

confidence: 99%

Planning-based security testing of web applications with attack grammars

Božić

Wotawa

2020

Software Qual J

View full text Add to dashboard Cite

Web applications are deployed on machines around the globe and offer almost universal accessibility. These applications assure functional interconnectivity between different components on a 24/7 basis. One of the most important requirements is data confidentiality and secure authentication. However, implementation flaws and unfulfilled requirements often result in security leaks that malicious users eventually exploited. In this context, the application of different testing methods is of utmost importance in order to detect software defects during development and to prevent unauthorized access in advance. In this paper, we contribute to test automation for web applications. In particular, we focus on using planning for testing where we introduce underlying models covering attacks and their use in testing of web applications. The planning model offers a high degree of extendibility and configurability and as well overcomes limits of traditional graphical representations. New testing possibilities emerge that eventually lead to better vulnerability detection, therefore ensuring more secure web services and applications.

show abstract

Attack Patterns for Black-Box Security Testing of Multi-Party Web Applications

Cited by 29 publications

References 16 publications

A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing

A Combinatorial Approach to Analyzing Cross-Site Scripting (XSS) Vulnerabilities in Web Application Security Testing

Formal Analysis of Mobile Multi-Factor Authentication with Single Sign-On Login

Planning-based security testing of web applications with attack grammars

Contact Info

Product

Resources

About