Automatic Detection of Inadequate Authorization Checks in Web Applications

Gaps in the enforcement of a software system's access control policy can lead to privilege escalation, allowing unauthorized access to sensitive resources and operations. The presenters describe a novel technique that uses static analysis to automatically detect missing and inconsistent authorization checks in web applications, and conclude with empirical results of using their approach on real-world applications.
Provided by:
Topic: Software
Date Added: Jun 2014
Format: Webcast
