Sciweavers

ISSTA
2012
ACM

ViewPoints: differential string analysis for discovering client- and server-side input validation inconsistencies

12 years 2 months ago
ViewPoints: differential string analysis for discovering client- and server-side input validation inconsistencies
Since web applications are easily accessible, and often store a large amount of sensitive user information, they are a common target for attackers. In particular, attacks that focus on input validation vulnerabilities are extremely effective and dangerous. To address this problem, we developed ViewPoints—a technique that can identify erroneous or insufficient validation and sanitization of the user inputs by automatically discovering inconsistencies between clientand server-side input validation functions. Developers typically perform redundant input validation in both the front-end (client) and the back-end (server) components of a web application. Clientside validation is used to improve the responsiveness of the application, as it allows for responding without communicating with the server, whereas server-side validation is necessary for security reasons, as malicious users can easily circumvent client-side checks. ViewPoints (1) automatically extracts client- and server-side in...
Muath Alkhalaf, Shauvik Roy Choudhary, Mattia Fazz
Added 28 Sep 2012
Updated 28 Sep 2012
Type Journal
Year 2012
Where ISSTA
Authors Muath Alkhalaf, Shauvik Roy Choudhary, Mattia Fazzini, Tevfik Bultan, Alessandro Orso, Christopher Kruegel
Comments (0)