Application Vulnerabilities Research Articles

Overview

423 Articles

Published in last 50 years

Articles published on Application Vulnerabilities

411 Search results

Artemis: Toward Accurate Detection of Server-Side Request Forgeries through LLM-Assisted Inter-procedural Path-Sensitive Taint Analysis

Server-side request forgery (SSRF) vulnerabilities are inevitable in PHP web applications. Existing static tools in detecting vulnerabilities in PHP web applications neither contain SSRF-related features to enhance detection accuracy nor consider PHP’s dynamic type features. In this paper, we present Artemis, a static taint analysis tool for detecting SSRF vulnerabilities in PHP web applications. First, Artemis extracts both PHP built-in and third-party functions as candidate source and sink functions. Second, Artemis constructs both explicit and implicit call graphs to infer functions’ relationships. Third, Artemis performs taint analysis based on a set of rules that prevent over-tainting and pauses when SSRF exploitation is impossible. Fourth, Artemis analyzes the compatibility of path conditions to prune false positives. We have implemented a prototype of Artemis and evaluated it on 250 PHP web applications. Artemis reports 207 true vulnerable paths (106 true SSRFs) with 15 false positives. Of the 106 detected SSRFs, 35 are newly found and reported to developers, with 24 confirmed and assigned CVE IDs.

Editage

Paperpal

R Discovery

Mind the Graph

Application Vulnerabilities Research Articles

Related Topics

Articles published on Application Vulnerabilities

Artemis: Toward Accurate Detection of Server-Side Request Forgeries through LLM-Assisted Inter-procedural Path-Sensitive Taint Analysis

THE PIVOTAL ROLE OF INFORMATION GATHERING IN WEB APPLICATION TESTING

CipherScan: An Advanced Web Application Vulnerability Scanner for Enhanced Cybersecurity

Quantitative WEB Application Vulnerability Assessment using SAST Methodology

"Advancements in Ethical Hacking Techniques and Tools: Strengthening Cybersecurity Resilience"

Access Restricted: A Study of Broken Access Control Vulnerabilities

Design and Implementation of Distributed Web Application Vulnerability Assessment Tools for Securing Complex Microservices Environment

WEB VULNERABILITIES DETECTION USING A HYBRID MODEL OF CNN, GRU AND ATTENTION MECHANISM

UniEmbed: A Novel Approach to Detect XSS and SQL Injection Attacks Leveraging Multiple Feature Fusion with Machine Learning Techniques

SQL-Injection Vulnerability Scanning Tool for Automatic Creation of SQL-Injection Attacks

Blending Static and Dynamic Analysis for Web Application Vulnerability Detection: Methodology and Case Study

Detecting Security Vulnerabilities in Web Applications: A Proposed System

Intelligent Platform for Automating Vulnerability Detection in Web Applications

Web-based Vulnerability Analysis and Detection

A method for finding web application vulnerabilities using the ChatGPT API

Identifying and Mitigating Web Application Vulnerabilities: A Comparative Study of Countermeasures and Tools

Using Generative AI Models to Support Cybersecurity Analysts

Comparative Analysis of Machine Learning Algorithms for Cross-Site Scripting (XSS) Attack Detection

Identification of SQL Injection Security Vulnerabilities in Web applications Based on Binary Code Similarity

Timing Side-Channel Mitigation via Automated Program Repair