Detecting Manipulated Remote Call Streams
Proceedings of the 11th USENIX Security Symposium
Secure web applications via automatic partitioning
Proceedings of twenty-first ACM SIGOPS symposium on Operating systems principles
Using static analysis for Ajax intrusion detection
Proceedings of the 18th international conference on World wide web
Cross-tier, label-based security enforcement for web applications
Proceedings of the 2009 ACM SIGMOD International Conference on Management of data
Ripley: automatically securing web 2.0 applications through replicated execution
Proceedings of the 16th ACM conference on Computer and communications security
Links: web programming without tiers
FMCO'06 Proceedings of the 5th international conference on Formal methods for components and objects
A Symbolic Execution Framework for JavaScript
SP '10 Proceedings of the 2010 IEEE Symposium on Security and Privacy
NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications
Proceedings of the 17th ACM conference on Computer and communications security
Tailored Shielding and Bypass Testing of Web Applications
ICST '11 Proceedings of the 2011 Fourth IEEE International Conference on Software Testing, Verification and Validation
How to Shop for Free Online -- Security Analysis of Cashier-as-a-Service Based Web Stores
SP '11 Proceedings of the 2011 IEEE Symposium on Security and Privacy
WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction
Proceedings of the 18th ACM conference on Computer and communications security
Proceedings of the 2012 International Symposium on Software Testing and Analysis
Hi-index | 0.00 |
Parameter tampering attacks are dangerous to a web application whose server performs weaker data sanitization than its client. This paper presents TamperProof, a methodology and tool that offers a novel and efficient mechanism to protect Web applications from parameter tampering attacks. TamperProof is an online defense deployed in a trusted environment between the client and server and requires no access to, or knowledge of, the server side codebase, making it effective for both new and legacy applications. The paper reports on experiments that demonstrate TamperProof's power in efficiently preventing all known parameter tampering vulnerabilities on ten different applications.