Abstract

Web applications have become increasingly vulnerable and exposed to malicious attacks that could affect essential properties of information systems such as confidentiality, integrity, or availability. To cope with these threats, it is necessary to develop efficient security protection mechanisms and assessment techniques (firewall, intrusion detection system, Web scanner, etc.). This paper presents a new methodology, based on Web page clustering techniques, that is aimed at identifying the vulnerabilities of a Web application following a black box analysis of the target application. Each identified vulnerability is actually exploited to ensure that it does not correspond to a false positive. The proposed approach can also highlight different potential attack scenarios including the exploitation of several successive vulnerabilities, taking into account explicitly the dependencies between these vulnerabilities. We have focused in particular on code injection vulnerabilities, such as SQL injections. The proposed methodology led to the development of a new Web vulnerability scanner that has been validated experimentally on several examples of vulnerable applications.

Highlights

  • Web application vulnerabilities have become, in recent years, a major threat to computer systems security. This is illustrated in, e.g., the IBM X-Force 2012 mid-year trend and risk report, which shows that Web application vulnerabilities including SQL injections and Cross-site scripting occupy the highest positions in computer threats [1].

  • Most frequent attacks on Web servers include SQL injection attacks and code injection attacks (Flash, JavaScript, etc., carried out through so-called Cross-site scripting or XSS attacks).

  • The identification of potential vulnerabilities is generally based on the characterization of responses of a Web server to crafted requests sent via the injection points and the ability to distinguish rejection pages and execution pages.


Summary

Introduction

Web application vulnerabilities have become, in recent years, a major threat to computer systems security. Most frequent attacks on Web servers include SQL injection attacks (for Web servers connected to an SQL database) and code injection attacks (Flash, JavaScript, etc., carried out through so-called Cross-site scripting or XSS attacks). These attacks generally correspond to the exploitation of the same kind of vulnerability related to the lack of sanitization of URL parameters or of HTML form inputs. An execution page is returned by the server as a consequence of a successful execution of the request. This page may correspond to the ‘normal’ scenario, i.e., in the case of a legitimate use of the Web site, but may also result from a successful exploitation of an injection attack. These latter requests are those we consider in this paper. The identification of potential vulnerabilities is generally based on the characterization of responses of a Web server to crafted requests sent via the injection points and the ability to distinguish rejection pages and execution pages.
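The response-classification idea above, as an added sketch that is not code from the paper or its scanner: constructed server responses are grouped by textual similarity, and any cluster that contains a known rejection page is labelled as rejection while the rest become execution candidates. The Jaccard distance, the 0.5 threshold, the greedy clustering and all names are assumptions, since the page does not specify the algorithm.

```python
import re

def tokens(html):
    """Set of lower-cased words in a response body, with tags stripped."""
    return set(re.findall(r"[a-z0-9]+", re.sub(r"<[^>]+>", " ", html).lower()))

def distance(a, b):
    """Jaccard distance between token sets: 0.0 identical, 1.0 disjoint."""
    union = a | b
    return 1.0 - len(a & b) / len(union) if union else 0.0

def cluster(pages, threshold=0.5):
    """Greedy clustering: a page joins the first cluster holding a member
    within `threshold`; otherwise it starts a new cluster."""
    toks = {name: tokens(body) for name, body in pages.items()}
    clusters = []
    for name in pages:
        for members in clusters:
            if any(distance(toks[name], toks[m]) <= threshold for m in members):
                members.append(name)
                break
        else:
            clusters.append([name])
    return clusters

def label(pages, known_rejections, threshold=0.5):
    """Clusters containing a known rejection page are 'rejection';
    every other cluster is an 'execution' candidate."""
    out = {}
    for members in cluster(pages, threshold):
        kind = "rejection" if known_rejections & set(members) else "execution"
        out.update({m: kind for m in members})
    return out

# Constructed sample responses (not captured from any real application).
PAGES = {
    "bad_login_1": "<h1>Login failed</h1><p>Invalid username or password. Please try again.</p>",
    "bad_login_2": "<h1>Login failed</h1><p>Invalid username or password. Please try again.</p><p>Attempt 2</p>",
    "db_error": "<p>Database error: syntax error in query. Please contact the administrator.</p>",
    "welcome_1": "<h1>Welcome back alice</h1><p>Your account dashboard: orders, settings, logout.</p>",
    "welcome_2": "<h1>Welcome back bob</h1><p>Your account dashboard: orders, settings, logout.</p>",
}
# Assumption: these came from requests the tester knows to be invalid.
KNOWN_REJECTIONS = {"bad_login_1", "db_error"}

if __name__ == "__main__":
    for name, kind in label(PAGES, KNOWN_REJECTIONS).items():
        print(f"{name:12s} {kind}")
```

A response that lands in an execution cluster is only a candidate; as the abstract notes, the methodology confirms each finding by actually exploiting it to rule out false positives.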
