Penetration Testing with Improved Input Vector Identification

Halfond, William G. J.; Choudhary, Shauvik Roy; Orso, Alessandro

doi:10.1109/icst.2009.26

Cited by 40 publications

(17 citation statements)

References 18 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Huang et al developed one of the first tools for black-box analysis of security vulnerabilities [16]. Other tools were developed to improve black-box web vulnerability scanners [2,15,20], and attempts were made to evaluate the capabilities of open-source and commercial black-box web vulnerability scanners [4,9,14,24,25]. Unlike black-box web vulnerability scanners, we did not fuzz the web applications, instead, we passively analyzed web applications to understand the prevalence of EARs on the Internet.…”

Section: Related Workmentioning

confidence: 99%

EARs in the wild

Payet

Doupé

Kruegel

et al. 2013

Proceedings of the 28th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

Execution After Redirect vulnerabilities-logic flaws in web applications where unintended code is executed after a redirect-have received little attention from the research community. In fact, we found a research paper that incorrectly modeled the redirect semantics, causing their static analysis to miss EAR vulnerabilities.To understand the breadth and scope of EARs in the real world, we performed a large-scale analysis to determine the prevalence of EARs on the Internet. We crawled 8,097,283 URLs from 255,957 domains. We employ a black-box approach that finds EARs which manifest themselves by information leakage in the HTTP redirect response. For this type of EAR, we developed a classification system that discovered 2,173 security-critical EARs among 416 domains. This result shows that EARs are a serious and prevalent problem on the Internet today and deserve future research attention.

show abstract

Section: Related Workmentioning

confidence: 99%

EARs in the wild

Payet

Doupé

Kruegel

et al. 2013

Proceedings of the 28th Annual ACM Symposium on Applied Computing

View full text Add to dashboard Cite

show abstract

“…The reflected and stored XSS attacks in the context of PHP and Java can be detected by inspecting the execution [17]. The lack of input validation on the client side, which may cause operation space explosion problem, can be automatically discovered in Java Script running space [7].…”

Section: Detection Methods Based On Symbolic Executionmentioning

confidence: 99%

“…The software testing for venerability detection is mostly focused on test information collection, response analysis, improving test adequacy and accuracy, and performance evaluation [12,17]. Other related researches focus on the efficient generation of test data, recognition of test interface, and how to determine whether the actual output according with expectations [8,18] .…”

Section: Detection Methods Based On Software Testingmentioning

confidence: 99%

Review of XSS Attack and Detection on Web Applications

Zhao¹,

Wang²,

Ding³

2017

Proceedings of the International Conference on Computer Networks and Communication Technology (CNCT 2016)

View full text Add to dashboard Cite

Abstract. Aiming at the difficulties to prevent Web applications to be maliciously injected which are increased by all kinds of dynamic Web technologies applied, concentrate on XSS attack, this paper reviews the research progresses of Web application injection vulnerabilities detection in recent years. It summarizes the classification and causes of the XSS injection security vulnerabilities, analyzes the complexity of security vulnerabilities detection; then proposes the key technologies of the existing detection approached, including analyzing and identifying the injection points, injection detection by software analysis and testing, symbolic execution, taint analysis; finally presents its future development direction.

show abstract

“…White-box techniques usually resort to taint-analyses to identify which user inputs can flow into query statements [13,12,6,1,25,16,17]. The main limitations of these techniques are that they require access to the server side code, and are also bound to specific programming languages.…”

Section: Detection or Prevention Of Sql Injectionsmentioning

confidence: 99%

Search-based security testing of web applications

Thomé

Gorla

Zeller

2014

Proceedings of the 7th International Workshop on Search-Based Software Testing

View full text Add to dashboard Cite

SQL injections are still the most exploited web application vulnerabilities. We present a technique to automatically detect such vulnerabilities through targeted test generation. Our approach uses search-based testing to systematically evolve inputs to maximize their potential to expose vulnerabilities. Starting from an entry URL, our BIOFUZZ prototype systematically crawls a web application and generates inputs whose effects on the SQL interaction are assessed at the interface between Web server and database. By evolving those inputs whose resulting SQL interactions show best potential, BIOFUZZ exposes vulnerabilities on real-world Web applications within minutes. As a black-box approach, BIO-FUZZ requires neither analysis nor instrumentation of server code; however, it even outperforms state-of-the-art whitebox vulnerability scanners.

show abstract

Penetration Testing with Improved Input Vector Identification

Abstract: Abstract

Cited by 40 publications

References 18 publications

EARs in the wild

EARs in the wild

Review of XSS Attack and Detection on Web Applications

Search-based security testing of web applications

Contact Info

Product

Resources

About