From Navigators

Publication:Paulo Antunes Tese
Abstract Web applications are ubiquitous in our everyday lives, as they are deployed in the most diverse contexts and support a variety of services. The correctness of these applications, however, can be compromised by vulnerabilities left in their source code, often incurring in nefarious consequences, such as the theft of private data and the adulteration of information. This dissertation proposes a solution for the automatic detection and removal of vulnerabilities in web applications programmed in the PHP language. By monitoring the user interactions with the web applications with traditional attack discovery tools, it is possible to identify malicious inputs that are eventually provided by attackers. These inputs are then explored by a directed static analysis approach, allowing for the discovery of potential security issues and the correction of bugs in the program. The solution was implemented and validated with a set of vulnerable web applications. The experimental results demonstrate that the tool is capable of detecting and correcting SQL Injection and XSS vulnerabilities. In total 174 vulnerabilities were found in 5 web applications, where 2 of these were previously unknown by the research community (i.e., they were "zero-day" vulnerabilities).
Advisor Nuno Ferreira Neves, Ibéria Medeiros
Author Paulo Antunes
Key Paulo Antunes Tese
Month oct
NumPubDate 2,018.1
Project Project:SEAL
ResearchLine Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
School Mestrado em Engenharia Informática, Departamento de Informática, Faculdade de Ciências da Universidade de Lisboa
Title Monitoring Web Applications for Vulnerability Discovery and Removal under Attack
Type mastersthesis
Year 2018
Has improper value for Url
Categories Publication
Modification date 4 October 2018 23:56:35