XSS-GUARD: Precise Dynamic Prevention of Cross-Site Scripting Attacks
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Symbolic String Verification: An Automata-Based Approach
SPIN '08 Proceedings of the 15th international workshop on Model Checking Software
Leveraging User Interactions for In-Depth Testing of Web Applications
RAID '08 Proceedings of the 11th international symposium on Recent Advances in Intrusion Detection
Symbolic String Verification: Combining String Analysis and Size Analysis
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
Automatic creation of SQL Injection and cross-site scripting attacks
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
XCS: cross channel scripting and its impact on web applications
Proceedings of the 16th ACM conference on Computer and communications security
MUTEC: Mutation-based testing of Cross Site Scripting
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
A hybrid analysis framework for detecting web application vulnerabilities
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
SWAP: Mitigating XSS attacks using a reverse proxy
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
A solution for the automated detection of clickjacking attacks
ASIACCS '10 Proceedings of the 5th ACM Symposium on Information, Computer and Communications Security
Alhambra: a system for creating, enforcing, and testing browser security policies
Proceedings of the 19th international conference on World wide web
The emergence of cross channel scripting
Communications of the ACM
A semantic data validation service for web applications
Journal of Theoretical and Applied Electronic Commerce Research
Client-side detection of XSS worms by monitoring payload propagation
ESORICS'09 Proceedings of the 14th European conference on Research in computer security
Restricted delegation and revocation in language-based security: (position paper)
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Dartmouth internet security testbed (DIST: building a campus-wide wireless testbed
CSET'09 Proceedings of the 2nd conference on Cyber security experimentation and test
NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications
Proceedings of the 17th ACM conference on Computer and communications security
Proceedings of the 3rd ACM workshop on Assurable and usable security configuration
Alias analysis for optimization of dynamic languages
Proceedings of the 6th symposium on Dynamic languages
VEX: vetting browser extensions for security vulnerabilities
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
Securing script-based extensibility in web browsers
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
WebAppArmor: a framework for robust prevention of attacks on web applications
ICISS'10 Proceedings of the 6th international conference on Information systems security
Coverage criteria for automatic security testing of web applications
ICISS'10 Proceedings of the 6th international conference on Information systems security
Testing and validating machine learning classifiers by metamorphic testing
Journal of Systems and Software
Security sensitive data flow coverage criterion for automatic security testing of web applications
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Patching vulnerabilities with sanitization synthesis
Proceedings of the 33rd International Conference on Software Engineering
Path- and index-sensitive string analysis based on monadic second-order logic
Proceedings of the 2011 International Symposium on Software Testing and Analysis
The use of application scanners in software product quality assessment
Proceedings of the 8th international workshop on Software quality
Fast and precise sanitizer analysis with BEK
SEC'11 Proceedings of the 20th USENIX conference on Security
Toward secure embedded web interfaces
SEC'11 Proceedings of the 20th USENIX conference on Security
Static detection of access control vulnerabilities in web applications
SEC'11 Proceedings of the 20th USENIX conference on Security
String abstractions for string verification
Proceedings of the 18th international SPIN conference on Model checking software
Preventing web application injections with complementary character coding
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
A systematic analysis of XSS sanitization in web application frameworks
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
Artificial intelligence and the future of cybersecurity
Proceedings of the 4th ACM workshop on Security and artificial intelligence
WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction
Proceedings of the 18th ACM conference on Computer and communications security
Context-sensitive auto-sanitization in web templating languages using type qualifiers
Proceedings of the 18th ACM conference on Computer and communications security
SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications
Proceedings of the 18th ACM conference on Computer and communications security
A systematic mapping study on the combination of static and dynamic quality assurance techniques
Information and Software Technology
Using testing techniques for vulnerability detection in C programs
ICTSS'11 Proceedings of the 23rd IFIP WG 6.1 international conference on Testing software and systems
ASIDE: IDE support for web application security
Proceedings of the 27th Annual Computer Security Applications Conference
Symbolic finite state transducers: algorithms and applications
POPL '12 Proceedings of the 39th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Static program analysis assisted dynamic taint tracking for software vulnerability discovery
Computers & Mathematics with Applications
Automated removal of cross site scripting vulnerabilities in web applications
Information and Software Technology
Automatically preparing safe SQL queries
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Automated code injection prevention for web applications
TOSCA'11 Proceedings of the 2011 international conference on Theory of Security and Applications
An empirical analysis of input validation mechanisms in web applications and languages
Proceedings of the 27th Annual ACM Symposium on Applied Computing
An advanced approach for modeling and detecting software vulnerabilities
Information and Software Technology
Towards a taint mode for cloud computing web applications
Proceedings of the 7th Workshop on Programming Languages and Analysis for Security
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Security testing of web applications: a research plan
Proceedings of the 34th International Conference on Software Engineering
A taint mode for python via a library
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Supporting automated vulnerability analysis using formalized vulnerability signatures
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
Enemy of the state: a state-aware black-box web vulnerability scanner
Security'12 Proceedings of the 21st USENIX conference on Security symposium
VAM-aaS: online cloud services security vulnerability analysis and mitigation-as-a-service
WISE'12 Proceedings of the 13th international conference on Web Information Systems Engineering
Towards fully automatic placement of security sanitizers and declassifiers
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Sigma*: symbolic learning of input-output specifications
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JStill: mostly static detection of obfuscated malicious JavaScript code
Proceedings of the third ACM conference on Data and application security and privacy
Type-based dependency analysis for javascript
Proceedings of the Eighth ACM SIGPLAN workshop on Programming languages and analysis for security
Process firewalls: protecting processes during resource access
Proceedings of the 8th ACM European Conference on Computer Systems
Finding your way in the testing jungle: a learning approach to web security testing
Proceedings of the 2013 International Symposium on Software Testing and Analysis
Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis
Proceedings of the 2013 International Conference on Software Engineering
Inlined monitors for security policy enforcement in web applications
Proceedings of the 17th Panhellenic Conference on Informatics
Analyzing and defending against web-based malware
ACM Computing Surveys (CSUR)
deDacota: toward preventing server-side XSS via automatic code and data separation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Path- and index-sensitive string analysis based on monadic second-order logic
ACM Transactions on Software Engineering and Methodology (TOSEM) - Testing, debugging, and error handling, formal methods, lifecycle concerns, evolution and maintenance
Semantic security against web application attacks
Information Sciences: an International Journal
A survey on server-side approaches to securing web applications
ACM Computing Surveys (CSUR)
Automata-based symbolic string analysis for vulnerability detection
Formal Methods in System Design
Automated detection of parameter tampering opportunities and vulnerabilities in web applications
Journal of Computer Security
Hi-index | 0.02 |
Web applications are ubiquitous, perform mission-critical tasks, and handle sensitive user data. Unfortunately, web applications are often implemented by developers with limited security skills, and, as a result, they contain vulnerabilities. Most of these vulnerabilities stem from the lack of input validation. That is, web applications use malicious input as part of a sensitive operation, without having properly checked or sanitized the input values prior to their use.Past research on vulnerability analysis has mostly focused on identifying cases in which a web application directly uses external input in critical operations. However, little research has been performed to analyze the correctness of the sanitization process. Thus, whenever a web application applies some sanitization routine to potentially malicious input, the vulnerability analysis assumes that the result is innocuous. Unfortunately, this might not be the case, as the sanitization process itself could be incorrect or incomplete.In this paper, we present a novel approach to the analysis of the sanitization process. More precisely, we combine static and dynamic analysis techniques to identify faultysanitization procedures that can be bypassed by an attacker. We implemented our approach in a tool, called Saner, and we applied it to a number of real-world applications. Our results demonstrate that we were able to identify several novel vulnerabilities that stem from erroneous sanitization procedures.