Abstract

We propose a formal and automated approach that allows one to (i) reason about vulnerabilities of web applications and (ii) combine multiple vulnerabilities for the identification of complex, multi-stage attacks. We have developed WAFEx, an automatic tool that implements our approach and we show its efficiency by applying it to real-world case studies. WAFEx was able to generate, and exploit, previously unknown attacks.

Full Text
Paper version not known

Talk to us

Join us for a 30 min session where you can share your feedback and ask us any queries you have

Schedule a call

Similar Papers

Paper Title
Journal
Date
Author
Test SQL injection vulnerabilities in web applications based on structure matching
Haiyan Wu ... Chunyu Miao
-
Haiyan Wu, et. al. Haiyan Wu ... Chunyu Miao
01 Dec 2011
Patching Logic Vulnerabilities for Web Applications using LogicPatcher
Maliheh Monshizadeh ... V.N Venkatakrishnan
-
Maliheh Monshizadeh, et. al.Maliheh Monshizadeh ... V.N Venkatakrishnan
09 Mar 2016
A Proposed Framework of VAPT Services in Web Application Deployed on Infrastructure as a Service (Iaas)
Noraida Haji Ali
Journal of Electrical Systems | VOL. 20
Noraida Haji Ali Noraida Haji Ali
08 Apr 2024
JCOMIX: a search-based tool to detect XML injection vulnerabilities in web applications
Dimitri Michel Stallenberg ... Annibale Panichella
-
Dimitri Michel Stallenberg, et. al.Dimitri Michel Stallenberg ... Annibale Panichella
12 Aug 2019
View more papers

More From: Journal of Computer Security

Paper Title
Journal
Date
Author
E-Tenon: An efficient privacy-preserving secure open data sharing scheme for EHR system
Prosanta Gope ... Jianting Ning
Journal of Computer Security | VOL. 32
Prosanta Gope, et. al.Prosanta Gope ... Jianting Ning
26 Aug 2024
DSLR–: A low-overhead data structure layout randomization for defending data-oriented programming
Jin Wei ... Ping Chen
Journal of Computer Security | VOL. 32
Jin Wei, et. al.Jin Wei ... Ping Chen
17 Jun 2024
Analysis of neural network detectors for network attacks
Qingtian Zou ... Anoop Singhal
Journal of Computer Security | VOL. 32
Qingtian Zou, et. al.Qingtian Zou ... Anoop Singhal
17 Jun 2024
Proactive enforcement of provisions and obligations
David Basin ... Søren Debois
Journal of Computer Security | VOL. 32
David Basin, et. al.David Basin ... Søren Debois
17 Jun 2024
View more papers

Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.