Sciweavers

DIMVA
2008

On Race Vulnerabilities in Web Applications

14 years 27 days ago
On Race Vulnerabilities in Web Applications
Abstract A web programmer often conceives its application as a sequential entity, thus neglecting the parallel nature of the underlying execution environment. In this environment, multiple instances of the same sequential code can be concurrently executed. From such unexpected parallel execution of intended sequential code, some unforeseen interactions could arise that may alter the original semantic of the application as it was intended by the programmer. Such interactions are usually known as race conditions. In this paper, we discuss the impact of race condition vulnerabilities on web-based applications. In particular, we focus on those race conditions that could arise because of the interaction between a web application and an underlying relational database. We introduce a dynamic detection method that, during our experiments, led to the identification of several race condition vulnerabilities even in mature open-source projects.
Roberto Paleari, Davide Marrone, Danilo Bruschi, M
Added 29 Oct 2010
Updated 29 Oct 2010
Type Conference
Year 2008
Where DIMVA
Authors Roberto Paleari, Davide Marrone, Danilo Bruschi, Mattia Monga
Comments (0)