Detecting Attacks That Exploit Application-Logic Errors Through Application-Level Auditing
ACSAC '04 Proceedings of the 20th Annual Computer Security Applications Conference
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
SP '06 Proceedings of the 2006 IEEE Symposium on Security and Privacy
Static analysis of anomalies and security vulnerabilities in executable files
Proceedings of the 44th annual Southeast regional conference
Static Detection of Vulnerabilities in x86 Executables
ACSAC '06 Proceedings of the 22nd Annual Computer Security Applications Conference
Finding security vulnerabilities in java applications with static analysis
SSYM'05 Proceedings of the 14th conference on USENIX Security Symposium - Volume 14
Penetration Testing with Improved Input Vector Identification
ICST '09 Proceedings of the 2009 International Conference on Software Testing Verification and Validation
Toward automated detection of logic vulnerabilities in web applications
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
| Hi-index | 0.00 |
Business applications are complex artefacts implementing custom business logic. While much research effort has been put in the identification of technical vulnerabilities (such as buffer overflows and SQL injections), application-level logic vulnerabilities have drawn relatively limited attention, thus putting the application's mission at risk. In this paper, we design, implement, and evaluate a novel heuristic application-independent framework, which combines static and dynamic analysis, input vector, and information extraction analysis, along with a fuzzy logic system, so as to detect and assert the criticality of application-level logic vulnerabilities in Java stand-alone GUI applications.