MACE: Detecting Privilege Escalation Vulnerabilities in Web Applications

@inproceedings{Monshizadeh2014MACEDP,
  title={MACE: Detecting Privilege Escalation Vulnerabilities in Web Applications},
  author={Maliheh Monshizadeh and Prasad Naldurg and V. N. Venkatakrishnan},
  booktitle={ACM Conference on Computer and Communications Security},
  year={2014}
}
We explore the problem of identifying unauthorized privilege escalation instances in a web application. These vulnerabilities are typically caused by missing or incorrect authorizations in the server side code of a web application. The problem of identifying these vulnerabilities is compounded by the lack of an access control policy specification in a typical web application, where the only supplied documentation is in fact its source code. This makes it challenging to infer missing checks that… CONTINUE READING
Highly Cited
This paper has 17 citations. REVIEW CITATIONS

Citations

Publications citing this paper.
Showing 1-10 of 13 extracted citations

References

Publications referenced by this paper.
Showing 1-3 of 3 references

Similar Papers

Loading similar papers…