ICST 2011, IEEE

Tailored Shielding and Bypass Testing of Web Applications

User input validation is a technique to counter attacks on web applications. In typical client-server architectures, this validation is performed on the client side. This is inefficient because attackers bypass these checks and send malicious data directly to the server. User input validation therefore has to be duplicated from the client side (HTML pages) to the server side (PHP, JSP, etc.). We present a black-box approach for shielding and testing web applications against bypass attacks. We automatically analyze HTML pages in order to extract all the constraints on user inputs, in addition to the JavaScript validation code. Then, we leverage these constraints for an automated synthesis of a shield, a reverse-proxy tool that protects the server side. The originality and main contribution of this paper is to offer a solution specifically tailored to the web application, through a preliminary learning/analysis step. An experimental study on several open-source web applications evaluates the eff...
Added 21 Aug 2011
Updated 21 Aug 2011
Type Journal
Year 2011
Where ICST
Authors Tejeddine Mouelhi, Yves Le Traon, Erwan Abgrall, Benoit Baudry, Sylvain Gombault