Parameter tampering attacks are dangerous to a web application whose server fails to replicate the validation of user-supplied data that is performed by the client. Malicious users who circumvent the client can capitalize on the missing server validation. In this paper, we describe WAPTEC, a tool that is designed to automatically identify parameter tampering vulnerabilities and generate exploits by construction to demonstrate those vulnerabilities. WAPTEC involves a new approach to whitebox analysis of the server’s code. We tested WAPTEC on six open source applications and found previously unknown vulnerabilities in every single one of them.

Categories and Subject Descriptors
D.4.6 [Security and Protection]: Verification; K.4.4 [Electronic Commerce]: Security; K.6.5 [Security and Protection]: Unauthorized access

General Terms
Languages, Security, Verification

Keywords
Parameter Tampering, Exploit Construction, Program Analysis, Constraint Solving
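The validation gap described in the abstract can be checked for in a regression test. The following Python example is added here; it is not code from the paper and does not reproduce WAPTEC's whitebox analysis. It submits values that client-side constraints reject to two server handlers and reports the fields where the server accepts them. The field names, the constraints and both handlers are assumptions constructed for the example.

```python
import re

# Constructed client-side constraints, as a form and its JavaScript would enforce them.
CLIENT_CONSTRAINTS = {
    # <input type="number" min="1" max="10">
    "quantity": lambda v: re.fullmatch(r"[0-9]+", v) is not None and 1 <= int(v) <= 10,
    # options offered by a <select>
    "card": lambda v: v in {"card-1", "card-2"},
    # <input maxlength="20">
    "note": lambda v: len(v) <= 20,
}

# A request the client would send, and constructed values it would never send.
BENIGN = {"quantity": "2", "card": "card-1", "note": "leave at door"}
TAMPERED = {
    "quantity": ["-1", "0", "11", "abc"],
    "card": ["card-3", ""],
    "note": ["x" * 21],
}

def server_missing_checks(params):
    """Hypothetical handler that trusts the client: it only checks presence."""
    return all(params.get(name) is not None for name in CLIENT_CONSTRAINTS)

def server_replicating_checks(params):
    """Hypothetical handler that re-applies every client constraint."""
    return all(name in params and check(params[name])
               for name, check in CLIENT_CONSTRAINTS.items())

def unvalidated_fields(server):
    """Map each field to the client-rejected values that the server accepts."""
    findings = {}
    for field, values in TAMPERED.items():
        for value in values:
            # Sanity check: the client-side constraint really rejects this value.
            assert not CLIENT_CONSTRAINTS[field](value)
            # Change one field at a time so a finding points at a single parameter.
            request = dict(BENIGN, **{field: value})
            if server(request):
                findings.setdefault(field, []).append(value)
    return findings

if __name__ == "__main__":
    print("missing checks:    ", unvalidated_fields(server_missing_checks))
    print("replicating checks:", unvalidated_fields(server_replicating_checks))
```

An empty result means the handler rejected every value the client would have rejected; any entry names a parameter whose validation exists only on the client.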