Abstract

Modern web applications often interact with internal web services, which are not directly accessible to users. However, malicious user inputs can be used to exploit security vulnerabilities in web services through the application front-ends. Therefore, testing techniques have been proposed to reveal security flaws in the interactions with back-end web services, e.g., XML Injections (XMLi). Given a potentially malicious message between a web application and web services, search-based techniques have been used to find input data to mislead the web application into sending such a message, possibly compromising the target web service. However, state-of-the-art techniques focus on (search for) one single malicious message at a time. Since, in practice, there can be many different kinds of malicious messages, only a few of which can possibly be generated by a given front-end, searching for one single message at a time is ineffective and may not scale. To overcome these limitations, we propose a novel co-evolutionary algorithm (COMIX) that is tailored to our problem and uncovers multiple vulnerabilities at the same time. Our experiments show that COMIX outperforms a single-target search approach for XMLi and other multi-target search algorithms originally defined for white-box unit testing.

Highlights

  • Web applications often rely on interactions with internal web services, e.g., SOAP (Curbera et al 2002) and REST (Fielding 2000)

  • RQ2: Is the execution time to achieve maximum coverage for a given set of Test Objectives (TOs) acceptable in practice? We investigate the performance of COMIX, which is the best approach according to the results from RQ1, from the perspective of security analysts who want to uncover as many XML Injections (XMLi) vulnerabilities as possible within practical execution time

  • We further extended this work in Jan et al (2017b) by investigating two additional optimization algorithms, namely Real-coded Genetic Algorithm (RGA) and Hill Climbing (HC)


Summary

Introduction

Web applications often rely on interactions with internal web services, e.g., SOAP (Curbera et al 2002) and REST (Fielding 2000). This is a typical case, for example, in microservice architectures (Newman 2015). Such an architecture consists of different components: front-end systems (typically web applications), an XML gateway/firewall, and the back-end web services or databases. The front-ends receive user inputs and generate XML messages, which are forwarded to the XML gateway/firewall. At this stage, malicious XML messages are filtered out while the benign ones are sent to the back-end web services (or databases). Attackers may exploit XML-based vulnerabilities at any tier, e.g., targeting the front-end web application or the XML gateway/firewall. If the front-end is vulnerable to XMLi, an attacker may produce and send malicious XML messages to the back-end web services.
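The front-end step described above, as an added Python example that is not taken from the paper: one builder pastes user input into the XML template, the other lets the XML library escape it, and a structure check of the kind a gateway or test oracle could apply flags messages whose element layout changed. The `createUser` message, its fields and the sample inputs are constructed assumptions.

```python
import xml.etree.ElementTree as ET

# Hypothetical message layout the back-end service expects (assumption).
ROOT_TAG = "createUser"
EXPECTED_CHILDREN = ["username", "email"]


def build_message_concat(username: str, email: str) -> str:
    """Front-end that pastes user input straight into the template (XMLi-prone)."""
    return (f"<{ROOT_TAG}><username>{username}</username>"
            f"<email>{email}</email></{ROOT_TAG}>")


def build_message_safe(username: str, email: str) -> str:
    """Front-end that sets user input as text nodes, so markup is escaped."""
    root = ET.Element(ROOT_TAG)
    ET.SubElement(root, "username").text = username
    ET.SubElement(root, "email").text = email
    return ET.tostring(root, encoding="unicode")


def structure_intact(message: str) -> bool:
    """True only if the message parses and has exactly the expected leaf elements."""
    try:
        root = ET.fromstring(message)
    except ET.ParseError:
        return False  # input broke well-formedness
    return (root.tag == ROOT_TAG
            and [child.tag for child in root] == EXPECTED_CHILDREN
            and all(len(child) == 0 for child in root))


# Constructed sample inputs: one benign, one containing XML markup.
BENIGN = ("alice", "alice@example.org")
CRAFTED = ("bob</username><role>admin</role><username>bob", "bob@example.org")

if __name__ == "__main__":
    for label, (user, mail) in (("benign", BENIGN), ("crafted", CRAFTED)):
        print(label, "concat:", structure_intact(build_message_concat(user, mail)))
        print(label, "safe:  ", structure_intact(build_message_safe(user, mail)))
```
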
