Abstract
Logic vulnerabilities are an important class of programming flaws in web applications. These vulnerabilities occur when a desired property pertaining to an application's logic does not hold along certain paths in the application's code. Many analysis tools have been developed to find logic vulnerabilities in web applications. Given a web application with logic vulnerabilities, the question is whether one can design methods to patch application code and prevent these vulnerabilities from being exploited. We answer this question by developing an approach and tool called LogicPatcher for patching of logic vulnerabilities. We focus on correct patch placement, i.e. identifying the precise location in code where the patch code can be introduced, based on path profiling. As we show in this paper, finding the appropriate location as well as generating the right patch can get complicated and require deep code analysis. We demonstrate the utility of LogicPatcher by automatically fixing several critical parameter tampering and authorization vulnerabilities in large web applications.
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Disclaimer: All third-party content on this website/platform is and will remain the property of their respective owners and is provided on "as is" basis without any warranties, express or implied. Use of third-party content does not indicate any affiliation, sponsorship with or endorsement by them. Any references to third-party content is to identify the corresponding services and shall be considered fair use under The CopyrightLaw.