Automated Security Analysis of Dynamic Web Applications through Symbolic Code Execution

Agosta, Giovanni; Barenghi, Alessandro; Parata, Antonio; Pelosi, Gerardo

doi:10.1109/itng.2012.167

Cited by 37 publications

(25 citation statements)

References 6 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Finally, we are aware of numerous literature work that address the issue of mitigation SQLI and XSS vulnerabilities through black box testing [7][8][9][10], static analysis [29][30][31][32] and runtime checking [34][35][36]. These approaches can be complementary to our approach by utilizing the results from these approaches to plug-in to our proposed fuzzy logic-based risk assessment framework.…”

Section: Related Workmentioning

confidence: 99%

Risk assessment of code injection vulnerabilities using fuzzy logic-based system

Shahriar

Haddad

2014

Proceedings of the 29th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

Web applications are notoriously vulnerable to code injection attacks. Given that, practitioners need to assess the risk posed by applications due to code injection attacks to plan ahead on employing necessary mitigation approaches. This paper proposes a risk assessment approach for code injection vulnerability in web applications. We are motivated by the observation that traditional risk assessment approaches work well when quantitative values of specific parameters of the risk computation model is known in advance. In practice, they are difficult to predict correctly. Moreover, one specific code injection vulnerabilities can be exploited in different ways that may result in different types of severity level. Further, diverse types of injection vulnerabilities and their implications cannot be combined in existing approaches. To address these limitations, we propose a Fuzzy Logic-based System (FLS) to assess the risk due to different types of code injection vulnerabilities. Our further contribution is a set of proposed code-level metrics that can be used to establish the linguistic terms to express vulnerability levels and their impact subjectively. We apply nested FLS to combine risk from multiple vulnerabilities to assess a single value representing the overall risk. We evaluate our approach with three real-world web applications implemented in PHP, and apply for SQL Injection (SQLI) and Cross-Site Scripting (XSS), the two most widely reported vulnerabilities in today's web applications. The initial results indicate that the proposed approach can effectively assess high risks present in vulnerable applications.

show abstract

Section: Related Workmentioning

confidence: 99%

Risk assessment of code injection vulnerabilities using fuzzy logic-based system

Shahriar

Haddad

2014

Proceedings of the 29th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

show abstract

“…al. (2012) [9] used symbolic execution and string analysis technique. It improve precision by approximated the string values that may appear at sensitive link.…”

Section: B Limitation Of Standard Php Sanitization Functionmentioning

confidence: 99%

A context-sensitive approach for precise detection of cross-site scripting vulnerabilities

Gupta

Govil

Singh

2014

2014 10th International Conference on Innovations in Information Technology (IIT)

View full text Add to dashboard Cite

Currently, dependence on web applications is increasing rapidly for social communication, health services, financial transactions and many other purposes. Unfortunately, the presence of cross-site scripting vulnerabilities in these applications allows malicious user to steals sensitive information, install malware, and performs various malicious operations. Researchers proposed various approaches and developed tools to detect XSS vulnerability from source code of web applications. However, existing approaches and tools are not free from false positive and false negative results. In this paper, we propose a taint analysis and defensive programming based HTML contextsensitive approach for precise detection of XSS vulnerability from source code of PHP web applications. It also provides automatic suggestions to improve the vulnerable source code. Preliminary experiments and results on test subjects show that proposed approach is more efficient than existing ones.

show abstract

“…A number of approaches rely on taint-based static analysis [4,29] which are often dependent on string analysis algorithms and suffer from runtime overhead and false positive warning at the server-side. In contrast to all these approaches, we put the burden of detecting SQLI attacks at the client-side with a priori information sent by the server-side.…”

Section: Related Workmentioning

confidence: 99%

“…If attack inputs can be detected early at the browse side, then it could be thwarted early by not forwarding the malicious inputs to the server-side for further processing. This could bring two benefits: adding an extra protection layer on top of server-side solutions (e.g., secure coding [9,31], code generation [33], dynamic analysis [4,29]) and working as a complementary approach to other known existing black-box level solutions (e.g., security scanner tools [14,15,19,28,32]). However, there are challenges to develop a client-side SQLI attack detection approach.…”

Section: Introductionmentioning

confidence: 99%

Early Detection of SQL Injection Attacks

Shahriar¹,

North²,

Chen³

2013

IJNSA

View full text Add to dashboard Cite

show abstract

Automated Security Analysis of Dynamic Web Applications through Symbolic Code Execution

Cited by 37 publications

References 6 publications

Risk assessment of code injection vulnerabilities using fuzzy logic-based system

Risk assessment of code injection vulnerabilities using fuzzy logic-based system

A context-sensitive approach for precise detection of cross-site scripting vulnerabilities

Early Detection of SQL Injection Attacks

Contact Info

Product

Resources

About