Detecting and Exploiting Second Order Denial-of-Service Vulnerabilities in Web Applications

Olivo, Oswaldo; Dillig, Işıl; Lin, Calvin

doi:10.1145/2810103.2813680

Cited by 28 publications

(21 citation statements)

References 17 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…TORPEDO was a static‐analysis tool for detecting a second‐order DoS attack in web applications. In this type of attacks, first the database was filled with a great amount of data.…”

Section: Related Workmentioning

confidence: 99%

“…Each of these studies analyzed specific cases of this type of vulnerability. The vulnerabilities examined in studies are similar, as they may be exploited by limited legal requests. Furthermore, identifying such vulnerabilities would be easier by understanding the logic of the web application.…”

Section: Introductionmentioning

confidence: 99%

“…Business‐layer DoS vulnerabilities have been analyzed in numerous studies under different names (sophisticated DoS vulnerability , CPU‐exhaustion vulnerability , algorithmic‐complexity vulnerability , complexity vulner‐ability , worst‐case time/space complexity , ReDoS , second‐order DoS vulnerability , infinite loop , semantic resource‐exhaustion vulnerability , and tainted‐loop vulnerability , high‐complexity control structures ). Each of these studies analyzed specific cases of this type of vulnerability.…”

Section: Introductionmentioning

confidence: 99%

“…Furthermore, identifying such vulnerabilities would be easier by understanding the logic of the web application. Unfortunately, the approaches proposed to detect these vulnerabilities have false positives and require the web‐application source code for performing the vulnerability analysis. Moreover, these approaches are for the web applications written in a particular language.…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

Evaluating the web‐application resiliency to business‐layer DoS attacks

2019

View full text Add to dashboard Cite

A denial‐of‐service (DoS) attack is a serious attack that targets web applications. According to Imperva, DoS attacks in the application layer comprise 60% of all the DoS attacks. Nowadays, attacks have grown into application‐ and business‐layer attacks, and vulnerability‐analysis tools are unable to detect business‐layer vulnerabilities (logic‐related vulnerabilities). This paper presents the business‐layer dynamic application security tester (BLDAST) as a dynamic, black‐box vulnerability‐analysis approach to identify the business‐logic vulnerabilities of a web application against DoS attacks. BLDAST evaluates the resiliency of web applications by detecting vulnerable business processes. The evaluation of six widely used web applications shows that BLDAST can detect the vulnerabilities with 100% accuracy. BLDAST detected 30 vulnerabilities in the selected web applications; more than half of the detected vulnerabilities were new and unknown. Furthermore, the precision of BLDAST for detecting the business processes is shown to be 94%, while the generated user navigation graph is improved by 62.8% because of the detection of similar web pages.

show abstract

“…TORPEDO was a static‐analysis tool for detecting a second‐order DoS attack in web applications. In this type of attacks, first the database was filled with a great amount of data.…”

Section: Related Workmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Evaluating the web‐application resiliency to business‐layer DoS attacks

2019

View full text Add to dashboard Cite

show abstract

“…Such approaches may not scale well when the input space is larger and less structured as is the case in NFs. [28] automatically detects and exploits Automated Synthesis of Adversarial Workloads for Network Functions SIGCOMM '18, August 20-25, 2018, Budapest, Hungary second order denial-of-service attacks in web services. Such attacks result from the implicit complexity of processing database queries in web service architectures and don't directly apply in NF environments.…”

Section: Performance Evaluation and Diagnosismentioning

confidence: 99%

Automated synthesis of adversarial workloads for network functions

Pedrosa

Iyer

Zaostrovnykh

et al. 2018

Proceedings of the 2018 Conference of the ACM Special Interest Group on Data Communication

View full text Add to dashboard Cite

Software network functions promise to simplify the deployment of network services and reduce network operation cost. However, they face the challenge of unpredictable performance. Given this performance variability, it is imperative that during deployment, network operators consider the performance of the NF not only for typical but also adversarial workloads. We contribute a tool that helps solve this challenge: it takes as input the LLVM code of a network function and outputs packet sequences that trigger slow execution paths. Under the covers, it combines directed symbolic execution with a sophisticated cache model to look for execution paths that incur many CPU cycles and involve adversarial memory-access patterns. We used our tool on 11 network functions that implement a variety of data structures and discovered workloads that can in some cases triple latency and cut throughput by 19% relative to typical testing workloads.

show abstract