Please use this identifier to cite or link to this item: https://idr.l3.nitk.ac.in/jspui/handle/123456789/10534
Full metadata record
DC FieldValueLanguage
dc.contributor.authorDeepa, G.-
dc.contributor.authorSanthi Thilagam, P.-
dc.contributor.authorPraseed, A.-
dc.contributor.authorPais, A.R.-
dc.date.accessioned2020-03-31T08:22:45Z-
dc.date.available2020-03-31T08:22:45Z-
dc.date.issued2018-
dc.identifier.citationJournal of Network and Computer Applications, 2018, Vol.109, , pp.89-109en_US
dc.identifier.urihttps://idr.nitk.ac.in/jspui/handle/123456789/10534-
dc.description.abstractWeb applications are subject to attacks by malicious users owing to the fact that the applications are implemented by software developers with insufficient knowledge about secure programming. The implementation flaws arising due to insecure coding practices allow attackers to exploit the application in order to perform adverse actions leading to undesirable consequences. These flaws can be categorized into injection and logic flaws. As large number of tools and solutions are available for addressing injection flaws, the focus of the attackers is shifting towards exploitation of logic flaws. The logic flaws allow attackers to compromise the application-specific functionality against the expectations of the stakeholders, and hence it is important to identify these flaws in order to avoid exploitation. Therefore, a prototype called DetLogic is developed for detecting different types of logic vulnerabilities such as parameter manipulation, access-control, and workflow bypass vulnerabilities in web applications. DetLogic employs black-box approach, and models the intended behavior of the application as an annotated finite state machine, which is subsequently used for deriving constraints related to input parameters, access-control, and workflows. The derived constraints are violated for simulating attack vectors to identify the vulnerabilities. DetLogic is evaluated against benchmark applications and is found to work effectively. 2018 Elsevier Ltden_US
dc.titleDetLogic: A black-box approach for detecting logic vulnerabilities in web applicationsen_US
dc.typeArticleen_US
Appears in Collections:1. Journal Articles

Files in This Item:
There are no files associated with this item.


Items in DSpace are protected by copyright, with all rights reserved, unless otherwise indicated.