Bugs as deviant behavior: a general approach to inferring errors in systems code
SOSP '01 Proceedings of the eighteenth ACM symposium on Operating systems principles
POPL '02 Proceedings of the 29th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Automated Software Engineering
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
The essence of command injection attacks in web applications
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Static detection of security vulnerabilities in scripting languages
USENIX-SS'06 Proceedings of the 15th conference on USENIX Security Symposium - Volume 15
From uncertainty to belief: inferring the specification within
OSDI '06 Proceedings of the 7th symposium on Operating systems design and implementation
Multi-module vulnerability analysis of web-based applications
Proceedings of the 14th ACM conference on Computer and communications security
The Daikon system for dynamic detection of likely invariants
Science of Computer Programming
DSD-Crasher: A hybrid analysis tool for bug finding
ACM Transactions on Software Engineering and Methodology (TOSEM)
On Race Vulnerabilities in Web Applications
DIMVA '08 Proceedings of the 5th international conference on Detection of Intrusions and Malware, and Vulnerability Assessment
Automatic Inference and Enforcement of Kernel Data Structure Invariants
ACSAC '08 Proceedings of the 2008 Annual Computer Security Applications Conference
Automatic generation of XSS and SQL injection attacks with goal-directed model checking
SS'08 Proceedings of the 17th conference on Security symposium
AutoISES: automatically inferring security specifications and detecting violations
SS'08 Proceedings of the 17th conference on Security symposium
Using static analysis for Ajax intrusion detection
Proceedings of the 18th international conference on World wide web
JPF-SE: a symbolic execution extension to Java PathFinder
TACAS'07 Proceedings of the 13th international conference on Tools and algorithms for the construction and analysis of systems
Swaddler: an approach for the anomaly-based detection of state violations in web applications
RAID'07 Proceedings of the 10th international conference on Recent advances in intrusion detection
Defending against injection attacks through context-sensitive string evaluation
RAID'05 Proceedings of the 8th international conference on Recent Advances in Intrusion Detection
Diesel: applying privilege separation to database access
Proceedings of the 6th ACM Symposium on Information, Computer and Communications Security
Measuring subversions: security and legal risk in reused software artifacts
Proceedings of the 33rd International Conference on Software Engineering
Exploring the relationship betweenweb application development tools and security
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
Static detection of access control vulnerabilities in web applications
SEC'11 Proceedings of the 20th USENIX conference on Security
A study of android application security
SEC'11 Proceedings of the 20th USENIX conference on Security
ZDVUE: prioritization of javascript attacks to discover new vulnerabilities
Proceedings of the 4th ACM workshop on Security and artificial intelligence
Fear the EAR: discovering and mitigating execution after redirect vulnerabilities
Proceedings of the 18th ACM conference on Computer and communications security
WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction
Proceedings of the 18th ACM conference on Computer and communications security
RoleCast: finding missing security checks when you do not know what checks are
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
BLOCK: a black-box approach for detection of state violation attacks towards web applications
Proceedings of the 27th Annual Computer Security Applications Conference
ASIDE: IDE support for web application security
Proceedings of the 27th Annual Computer Security Applications Conference
SENTINEL: securing database from logic flaws in web applications
Proceedings of the second ACM conference on Data and Application Security and Privacy
SAFERPHP: finding semantic vulnerabilities in PHP applications
Proceedings of the ACM SIGPLAN 6th Workshop on Programming Languages and Analysis for Security
Hunting application-level logical errors
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Supporting automated vulnerability analysis using formalized vulnerability signatures
Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering
Enemy of the state: a state-aware black-box web vulnerability scanner
Security'12 Proceedings of the 21st USENIX conference on Security symposium
CHEX: statically vetting Android apps for component hijacking vulnerabilities
Proceedings of the 2012 ACM conference on Computer and communications security
VAM-aaS: online cloud services security vulnerability analysis and mitigation-as-a-service
WISE'12 Proceedings of the 13th international conference on Web Information Systems Engineering
Control-Flow integrity in web applications
ESSoS'13 Proceedings of the 5th international conference on Engineering Secure Software and Systems
Model checking database applications
TACAS'13 Proceedings of the 19th international conference on Tools and Algorithms for the Construction and Analysis of Systems
Adversarial attacks against intrusion detection systems: Taxonomy, solutions and open issues
Information Sciences: an International Journal
EARs in the wild: large-scale analysis of execution after redirect vulnerabilities
Proceedings of the 28th Annual ACM Symposium on Applied Computing
LogicScope: automatic discovery of logic vulnerabilities within web applications
Proceedings of the 8th ACM SIGSAC symposium on Information, computer and communications security
Semantic smells and errors in access control models: a case study in PHP
Proceedings of the 2013 International Conference on Software Engineering
A survey on server-side approaches to securing web applications
ACM Computing Surveys (CSUR)
Automated black-box detection of access control vulnerabilities in web applications
Proceedings of the 4th ACM conference on Data and application security and privacy
Automated detection of parameter tampering opportunities and vulnerabilities in web applications
Journal of Computer Security
Hi-index | 0.00 |
Web applications are the most common way to make services and data available on the Internet. Unfortunately, with the increase in the number and complexity of these applications, there has also been an increase in the number and complexity of vulnerabilities. Current techniques to identify security problems in web applications have mostly focused on input validation flaws, such as crosssite scripting and SQL injection, with much less attention devoted to application logic vulnerabilities. Application logic vulnerabilities are an important class of defects that are the result of faulty application logic. These vulnerabilities are specific to the functionality of particular web applications, and, thus, they are extremely difficult to characterize and identify. In this paper, we propose a first step toward the automated detection of application logic vulnerabilities. To this end, we first use dynamic analysis and observe the normal operation of a web application to infer a simple set of behavioral specifications. Then, leveraging the knowledge about the typical execution paradigm of web applications, we filter the learned specifications to reduce false positives, and we use model checking over symbolic input to identify program paths that are likely to violate these specifications under specific conditions, indicating the presence of a certain type of web application logic flaws. We developed a tool, called Waler, based on our ideas, and we applied it to a number of web applications, finding previously-unknown logic vulnerabilities.