Abstract
Web application vulnerability scanners cannot detect business logic vulnerabilities (vulnerabilities related to logic) because they are not able to understand business logic of the web application. In order to identify business logic of the web application, this paper presents BLProM, the black box approach that identifies business processes of the web application. Detecting business processes of the web applications can be used in dynamic security testing to determine business logic vulnerabilities in the web applications. BLProM first extracts navigation graph of the web application then identifies business processes from the navigation graph. The evaluation conducted on three well-known open source web applications shows that BLProM is able to detect business logic processes. Experimental results show that BLProM improves web application scanning because it clusters web application pages and prevent scanning similar pages. The proposed approach is compared to OWASP ZAP, an open source web scanner. We show that BLProM improves web application scanning about % 96.
Sign-in/Register to access full text options 
Free) 
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call
