Free Online Productivity Tools
i2Speak
i2Symbol
i2OCR
iTex2Img
iWeb2Print
iWeb2Shot
i2Type
iPdf2Split
iPdf2Merge
i2Bopomofo
i2Arabic
i2Style
i2Image
i2PDF
iLatex2Rtf
Sci2ools
ISSTA
2012
ACM
2012
ACM
ViewPoints: differential string analysis for discovering client- and server-side input validation inconsistencies
Since web applications are easily accessible, and often store a large amount of sensitive user information, they are a common target for attackers. In particular, attacks that focus on input validation vulnerabilities are extremely effective and dangerous. To address this problem, we developed ViewPoints—a technique that can identify erroneous or insufficient validation and sanitization of the user inputs by automatically discovering inconsistencies between clientand server-side input validation functions. Developers typically perform redundant input validation in both the front-end (client) and the back-end (server) components of a web application. Clientside validation is used to improve the responsiveness of the application, as it allows for responding without communicating with the server, whereas server-side validation is necessary for security reasons, as malicious users can easily circumvent client-side checks. ViewPoints (1) automatically extracts client- and server-side in...
Real-time TrafficInput Validation Vulnerabilities | ISSTA 2012 | Side Checks | Software Engineering | Validation Functions |
| Added | 28 Sep 2012 |
| Updated | 28 Sep 2012 |
| Type | Journal |
| Year | 2012 |
| Where | ISSTA |
| Authors | Muath Alkhalaf, Shauvik Roy Choudhary, Mattia Fazzini, Tevfik Bultan, Alessandro Orso, Christopher Kruegel |
Comments (0)
Researcher Info
|
