Tailored Shielding and Bypass Testing of Web Applications

Date Added: Mar 2011
Format: PDF

User input validation is a technique to counter attacks on web applications. In typical client-server architectures, this validation is performed on the client side. This is ineffective on its own because attackers can bypass these checks and send malicious data directly to the server. User input validation thus has to be duplicated from the client side (HTML pages) to the server side (PHP, JSP, etc.). The authors present a black-box approach for shielding and testing web applications against bypass attacks. They automatically analyze HTML pages to extract all the constraints on user inputs, in addition to the JavaScript validation code. They then leverage these constraints to automatically synthesize a shield, a reverse-proxy tool that protects the server side.
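The constraint-extraction and enforcement idea described above, as an added Python sketch that is not the authors' tool: it covers only constraints declared in HTML markup (not JavaScript validation code) and checks a submitted parameter set the way a reverse-proxy shield would before forwarding. The sample form, the names `ConstraintExtractor`, `extract_constraints` and `violations`, and the use of Python's `re` in place of the browser's `pattern` semantics are assumptions.

```python
import re
from html.parser import HTMLParser

# Constructed sample page (not from the paper) with typical client-side constraints.
SAMPLE_FORM = """<form action="/register" method="post">
  <input type="text" name="username" required maxlength="12" pattern="[a-z0-9]+">
  <select name="plan"><option value="free">Free</option><option value="pro">Pro</option></select>
  <input type="hidden" name="role" value="user"></form>"""

class ConstraintExtractor(HTMLParser):
    """Collects the per-field constraints declared in HTML form markup."""
    def __init__(self):
        super().__init__()
        self.fields, self._select = {}, None
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag in ("input", "select") and "name" in a:
            rule = {k: a[k] for k in ("maxlength", "pattern") if a.get(k)}
            rule["required"] = "required" in a or tag == "select"
            if tag == "select":  # only the listed <option> values are acceptable
                rule["allowed"], self._select = set(), a["name"]
            elif a.get("type") == "hidden":  # must come back exactly as served
                rule.update(required=True, allowed={a.get("value") or ""})
            self.fields[a["name"]] = rule
        elif tag == "option" and self._select:
            self.fields[self._select]["allowed"].add(a.get("value") or "")
    def handle_endtag(self, tag):
        self._select = None if tag == "select" else self._select

def extract_constraints(html):
    parser = ConstraintExtractor()
    parser.feed(html)
    return parser.fields

def violations(fields, params):
    """List every way a submitted parameter dict breaks the extracted constraints."""
    errs = [f"{n}: unexpected parameter" for n in sorted(params.keys() - fields.keys())]
    for name, rule in fields.items():
        value = params.get(name, "")
        if value == "":
            errs += [f"{name}: missing"] if rule["required"] else []
            continue
        checks = [
            ("allowed" in rule and value not in rule["allowed"], "value not offered by the form"),
            (len(value) > int(rule.get("maxlength", len(value))), "too long"),
            ("pattern" in rule and not re.fullmatch(rule["pattern"], value), "pattern mismatch"),
        ]
        errs += [f"{name}: {msg}" for failed, msg in checks if failed]
    return errs
```

A request that a browser would never produce from this form (altered hidden field, value outside the select list, extra parameter) yields a non-empty list, which is the signal to reject it before it reaches the application.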