Automatic Generation of XSS and SQL Injection Attacks With Goal-Directed Model Checking
Source: Stanford University
Cross-site scripting (XSS) and SQL injection errors are two prominent examples of taint-based vulnerabilities that have been responsible for a large number of security breaches in recent years. This paper presents QED, a goal-directed model-checking system that automatically generates attacks exploiting taint-based vulnerabilities in large Java web applications. This is the first time that model checking has been used successfully on real-life Java programs to create attack sequences that consist of multiple HTTP requests. QED accepts any Java web application that is written to the standard servlet specification.
| Format: | |
| Size: | 167.50 |
| Date: | May 2008 |



