CCS
2010
ACM

NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications

Web applications rely heavily on client-side computation to examine and validate form inputs that are supplied by a user (e.g., “credit card expiration date must be valid”). This is typically done for two reasons: to reduce burden on the server and to avoid latencies in communicating with the server. However, when a server fails to replicate the validation performed on the client, it is potentially vulnerable to attack. In this paper, we present a novel approach for automatically detecting potential server-side vulnerabilities of this kind in existing (legacy) web applications through blackbox analysis. We discuss the design and implementation of NOTAMPER, a tool that realizes this approach. NOTAMPER has been employed to discover several previously unknown vulnerabilities in a number of open-source web applications and live web sites. Categories and Subject Descriptors D.4.6 [Security and Protection]: Verification; K.4.4 [Electronic Commerce]: Security; K.6.5 [Security and Protec...
Added 13 Jan 2011
Updated 13 Jan 2011
Type Journal
Year 2010
Where CCS
Authors Prithvi Bisht, Timothy Hinrichs, Nazari Skrupsky, Radoslaw Bobrowicz, V. N. Venkatakrishnan