Automated detection of client-state manipulation vulnerabilities

@article{Mller2012AutomatedDO,
  title={Automated detection of client-state manipulation vulnerabilities},
  author={Anders M{\o}ller and Mathias Schwarz},
  journal={2012 34th International Conference on Software Engineering (ICSE)},
  year={2012},
  pages={749-759}
}
Web application programmers must be aware of a wide range of potential security risks. Although the most common pitfalls are well described and categorized in the literature, it remains a challenging task to ensure that all guidelines are followed. For this reason, it is desirable to construct automated tools that can assist the programmers in the application development process by detecting weaknesses. Many vulnerabilities are related to web application code that stores references to… 

Security slicing for auditing XML, XPath, and SQL injection vulnerabilities
TLDR
This paper proposes an approach to assist security auditors by defining and experimenting with pruning techniques to reduce original program slices to what they refer to as security slices, which contain sound and precise information.
An Integrated Approach for Effective Injection Vulnerability Analysis of Web Applications Through Security Slicing and Hybrid Constraint Solving
TLDR
This work addresses the challenge of detecting injection vulnerabilities in the server-side code of Java Web applications in a scalable and effective way with an integrated approach that seamlessly combines security slicing with hybrid constraint solving.
Security slicing for auditing common injection vulnerabilities
A sound framework for dynamic prevention of Local File Inclusion
TLDR
Current research makes a brief survey of static and dynamic code analysis and suggests a framework for dynamically preventing malicious file inclusions by attackers and discusses that this framework prevents local file inclusion even if the developer has exploitable source code.
Proposal for expansion of STASEC tool
TLDR
STASEC, a tool for static analysis of the source code of Web applications implemented in the Java programming language, is presented for expansion with a new module for the automatic detection of application vulnerabilities caused by manipulation of the input data on the client.
Testing and analysis of web applications using page models
TLDR
A static-analysis approach that automatically constructs a "model" of each page in a given application, which faithfully over-approximates the possible elements of the page as well as the control-flows and data-flows due to these elements.
Search-Driven String Constraint Solving for Vulnerability Detection
TLDR
A search-driven constraint solving technique that complements the support for complex string operations provided by any existing string constraint solver, using a hybrid constraint solving procedure based on the Ant Colony Optimization meta-heuristic.
What Norwegian Developers Want and Need From Security-Directed Program Analysis Tools: A Survey
TLDR
A survey of Norwegian software consultants finds a positive relation between preference for soundness over completeness in tools and preference for annotation-based over automated tools.
Enhancing Trust – A Unified Meta-Model for Software Security Vulnerability Analysis
TLDR
SEVONT is presented, a Semantic Web based modeling approach to support a formal and semi-automated approach for unifying vulnerability information resources; it is demonstrated that the presented knowledge modeling approach can not only unify heterogeneous vulnerability data sources but also enable new types of vulnerability analysis.
Static analysis of event-driven Node.js JavaScript applications
TLDR
The event-based call graph is presented, a program representation that can be used to detect bugs related to event handling; the number of false positives reported by the analysis on a suite of small Node.js applications is manageable.

References

Toward Automated Detection of Logic Vulnerabilities in Web Applications
TLDR
This paper uses dynamic analysis and observes the normal operation of a web application to infer a simple set of behavioral specifications, and uses model checking over symbolic input to identify program paths that are likely to violate these specifications under specific conditions, indicating the presence of a certain type of web application logic flaws.
Securing web applications with static and dynamic information flow tracking
TLDR
A static context-sensitive, but flow-insensitive, information flow tracking analysis that can be used to find all the vulnerabilities in a program and, using the dynamic checker, is able to automatically recover from attacks as they occur.
Static Detection of Access Control Vulnerabilities in Web Applications
TLDR
This paper describes the first static analysis that automatically detects access control vulnerabilities in web applications; the core of the analysis is a technique that statically infers and enforces implicit access control assumptions.
Securing web application code by static analysis and runtime protection
TLDR
A lattice-based static analysis algorithm derived from type systems and typestate is created, and its soundness is addressed, thus securing Web applications in the absence of user intervention and reducing potential runtime overhead by 98.4%.
Static detection of cross-site scripting vulnerabilities
  • Gary Wassermann, Z. Su
  • Computer Science
    2008 ACM/IEEE 30th International Conference on Software Engineering
  • 2008
TLDR
This paper presents a static analysis for finding XSS vulnerabilities that directly addresses weak or absent input validation, and implements the approach and provides an extensive evaluation that finds both known and unknown vulnerabilities in real-world web applications.
Finding Security Vulnerabilities in Java Applications with Static Analysis
TLDR
This paper proposes a static analysis technique for detecting many recently discovered application vulnerabilities such as SQL injections, cross-site scripting, and HTTP splitting attacks based on a scalable and precise points-to analysis.
Sound and precise analysis of web applications for injection vulnerabilities
TLDR
This paper proposes a precise, sound, and fully automated analysis technique for SQL injection that successfully discovered previously unknown and sometimes subtle vulnerabilities in real-world programs, has a low false positive rate, and scales to large programs.
Static analysis for detecting taint-style vulnerabilities in web applications
TLDR
This paper addresses the problem of vulnerable web applications by means of static source code analysis and uses flow-sensitive, interprocedural and context-sensitive data flow analysis to discover vulnerable points in a program.
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
TLDR
A new technique using a model-based approach to detect illegal queries before they are executed on the database and was able to stop all of the attempted attacks without generating any false positives.
Enemy of the State: A State-Aware Black-Box Web Vulnerability Scanner
TLDR
It is shown that the state-aware black-box web vulnerability scanner is able to not only exercise more code of the web application, but also discover vulnerabilities that other vulnerability scanners miss.