Abstract

The parallel execution of multiple threads of a web application will cause races if the web application is not synchronized correctly. Detecting race conditions in web applications depends on the application's business logic. No logic-aware approach has been presented so far for detecting the various race conditions in web applications: the existing approaches detect only part of the server-side races or a few client-side race conditions, and most of them either result in DoS or have a high vulnerability detection time.

In this study, the various race conditions that exist in a web application, both on the server side and on the client side, are classified and described. In addition, we present Semantic Web Racer, a black-box dynamic application security testing approach that detects business-layer vulnerabilities of a web application to race conditions on both the server side and the client side. Semantic Web Racer detects race conditions by identifying the business logic of the web application: it first identifies the business processes in the web application and then, using a trace pattern defined for each type of race condition, identifies the critical business processes. The detected critical processes are executed within the defined race window in both normal mode and race-prone mode, and the results are checked to identify vulnerabilities.

The evaluation on well-known and widely used web applications and web pages shows that Semantic Web Racer can detect the business-layer vulnerabilities of these applications to race conditions. Experiments showed that of the 38 race conditions Semantic Web Racer detected in the selected applications, 24 are new vulnerabilities that were not identified by related works. By identifying the business layer of the application, the amount of traffic generated to identify vulnerabilities is reduced by about 98.29%, so Semantic Web Racer does not result in DoS. Semantic Web Racer also improves race detection time by about 96.78%.
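The detection idea in the abstract (replay a critical business process in normal mode and in race-prone mode, then compare the outcomes) as an added illustration, not code from the paper or from Semantic Web Racer: a constructed in-memory "withdraw" process in its race-prone and synchronised forms, and a harness that flags a race when the simultaneous replay accepts more requests than the sequential one. The names `Account`, `run_process` and `detect_race` and the sleep standing in for a database round trip are assumptions of this example.

```python
import threading
import time
from concurrent.futures import ThreadPoolExecutor


class Account:
    """Constructed stand-in for a web application's account business object."""

    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()

    def withdraw_unsafe(self, amount, window=0.05):
        # Check-then-act with no synchronisation: the race-prone handler.
        if self.balance >= amount:
            time.sleep(window)  # race window, e.g. the gap between DB read and write
            self.balance -= amount
            return True
        return False

    def withdraw_safe(self, amount, window=0.05):
        # Same business logic, but check and act form one critical section.
        with self.lock:
            if self.balance >= amount:
                time.sleep(window)
                self.balance -= amount
                return True
            return False


def run_process(handler_name, balance, amount, requests, race_prone):
    """Replay one business process `requests` times and report the outcome.

    race_prone=False: requests are sent one after another (normal mode).
    race_prone=True : requests are released at the same instant (race-prone mode).
    """
    acct = Account(balance)
    handler = getattr(acct, handler_name)
    if not race_prone:
        accepted = sum(handler(amount) for _ in range(requests))
    else:
        start = threading.Barrier(requests)  # release every request at once

        def one_request(_):
            start.wait()
            return handler(amount)

        with ThreadPoolExecutor(max_workers=requests) as pool:
            accepted = sum(pool.map(one_request, range(requests)))
    return {"accepted": accepted, "balance": acct.balance}


def detect_race(handler_name, balance=100, amount=30, requests=5):
    """Flag a vulnerability when race-prone mode accepts more than normal mode."""
    normal = run_process(handler_name, balance, amount, requests, False)
    racy = run_process(handler_name, balance, amount, requests, True)
    return racy["accepted"] > normal["accepted"]
```

With a balance of 100 and five withdrawals of 30, normal mode accepts exactly three; the unsynchronised handler accepts all five in race-prone mode and drives the balance negative, while the locked handler behaves identically in both modes.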
