Results 1 - 10 of 127

Sound and Precise Analysis of Web Applications for Injection Vulnerabilities

by Gary Wassermann, Zhendong Su - PLDI'07, 2007
"... Web applications are popular targets of security attacks. One common type of such attacks is SQL injection, where an attacker exploits faulty application code to execute maliciously crafted database queries. Both static and dynamic approaches have been proposed to detect or prevent SQL injections; w ..."
Cited by 161 (5 self)
Web applications are popular targets of security attacks. One common type of such attacks is SQL injection, where an attacker exploits faulty application code to execute maliciously crafted database queries. Both static and dynamic approaches have been proposed to detect or prevent SQL injections

Vulnerability Analysis of Web-based Applications

by Marco Cova, Viktoria Felmetsger, Giovanni Vigna, 2007
"... In the last few years, the popularity of web-based applications has grown tremendously. A number of factors have led an increasing number of organizations and individuals to rely on web-based applications to provide access to a variety of services. Today, web-based applications are routinely used i ..."
Cited by 1 (0 self)
applications at early stages of development and deployment. Recently, a number of methodologies and tools have been proposed to support the assessment of the security of web-based applications. In this paper, we survey the current approaches to web vulnerability analysis and we propose a classification along

Vulnerability Analysis of Web-based Applications

by n.n.
"... In the last few years, the popularity of web-based applications has grown tremendously. A number of factors have led an increasing number of organizations and individuals to rely on web-based applications to provide access to a variety of services. Today, web-based applications are routinely used ..."
applications at early stages of development and deployment. Recently, a number of methodologies and tools have been proposed to support the assessment of the security of web-based applications. In this paper, we survey the current approaches to web vulnerability analysis and we propose a classification along

Discovering concrete attacks on website authorization by formal analysis

by Chetan Bansal, Karthikeyan Bhargavan, Sergio Maffeis
"... Abstract—Social sign-on and social sharing are becoming an ever more popular feature of web applications. This success is largely due to the APIs and support offered by prominent social networks, such as Facebook, Twitter, and Google, on the basis of new open standards such as the OAuth 2.0 authoriz ..."
Cited by 20 (6 self)
Verif. Our models rely on WebSpi, a new library for modeling web applications and web-based attackers that is designed to help discover concrete website attacks. Our approach is validated by finding dozens of previously unknown vulnerabilities in popular websites such as Yahoo and WordPress, when

Efficient patch-based auditing for web application vulnerabilities

by Taesoo Kim, Ramesh Ch, Nickolai Zeldovich
"... POIROT is a system that, given a patch for a newly discovered security vulnerability in a web application, helps administrators detect past intrusions that exploited the vulnerability. POIROT records all requests to the server during normal operation, and given a patch, re-executes requests using bo ..."
Cited by 7 (4 self)
POIROT is a system that, given a patch for a newly discovered security vulnerability in a web application, helps administrators detect past intrusions that exploited the vulnerability. POIROT records all requests to the server during normal operation, and given a patch, re-executes requests using

Using generalization and characterization techniques in the anomaly-based detection of web attacks

by William Robertson, Giovanni Vigna, Christopher Kruegel, Richard A. Kemmerer - In Proceedings of the 13th Symposium on Network and Distributed System Security (NDSS), 2006
"... The custom, ad hoc nature of web applications makes learning-based anomaly detection systems a suitable approach to provide early warning about the exploitation of novel vulnerabilities. However, anomaly-based systems are known for producing a large number of false positives and for providing poor o ..."
Cited by 44 (5 self)
The custom, ad hoc nature of web applications makes learning-based anomaly detection systems a suitable approach to provide early warning about the exploitation of novel vulnerabilities. However, anomaly-based systems are known for producing a large number of false positives and for providing poor

Web Application Attacks Detection: A Survey and Classification

by Nadya Elbachir, El Moussaid, Ahmed Toumanari
"... The number of attacks is increasing day by day, especially the web attacks due to the shift of the majority of companies towards web applications. Therefore, the security of their sensitive data against attackers becomes a crucial matter for all organizations and companies. Thus the necessity to use ..."
intrusion detection systems are required in order to increase the protection and prevent attackers from exploiting these data in an illegal way. In this paper we begin by giving a survey of web application attacks and vulnerabilities, also approaches to improve the web application security using intrusion

An Approach to Remove Security Vulnerability Affected By SQL Code Injection Attack

by Shanu Verma
"... Abstract — In this era, we are totally dependent on web application like e-banking, e-shopping, online payments of bill etc. Sometime unauthorized users may access confidential data. As a consequence, the users could lose their confidential data or it may face complete destruction. There are various ..."
the technique of “CRYPTOGRAPHY HASHING FUNCTION USING MD5” to eliminate SQL Injection vulnerabilities up to some extent. The propose approach is a cryptographic for such attacks. This approach is based on a cryptographic hash function, which computes the Hash value of user inputs, finds the database record based

MACE: Detecting Privilege Escalation Vulnerabilities in Web Applications

by Maliheh Monshizadeh, Prasad Naldurg, V. N. Venkatakrishnan
"... We explore the problem of identifying unauthorized privilege escalation instances in a web application. These vulnerabilities are typically caused by missing or incorrect authorizations in the server side code of a web application. The problem of identifying these vulnerabilities is compounded by t ..."
Cited by 1 (1 self)
that uncovers vulnerabilities that could be exploited in the form of privilege escalation attacks. In particular, MACE is the first tool reported in the literature to identify a new class of web application vulnerabilities called Horizontal Privilege Escalation (HPE) vulnerabilities. MACE works on large

Supporting Automated Vulnerability Analysis using Formalized Vulnerability Signatures

by Mohemed Almorsy, John Grundy, Amani S. Ibrahim
"... Adopting publicly accessible platforms such as cloud computing model to host IT systems has become a leading trend. Although this helps to minimize cost and increase availability and reachability of applications, it has serious implications on applications’ security. Hackers can easily exploit vuln ..."
Cited by 6 (2 self)
specific vulnerabilities, our approach incorporates a formal vulnerability signature described using OCL. Using this formal signature, we perform program analysis of the target system to locate signature matches (i.e. signs of possible vulnerabilities). A newly-discovered vulnerability can be easily

Developed at and hosted by The College of Information Sciences and Technology

© 2007-2019 The Pennsylvania State University