An automated black box approach for web vulnerability identification and attack scenario generation

Rim Akrout, Eric Alata, Mohamed Kaaniche, Vincent Nicomette
<span title="2014-01-23">2014</span> <i title="Springer Nature America, Inc"> <a target="_blank" rel="noopener" href="https://fatcat.wiki/container/vct5ya6gxbcelemee3tlxkwmiu" style="color: black;">Journal of the Brazilian Computer Society</a> </i> &nbsp;
Web applications have become increasingly vulnerable and exposed to malicious attacks that could affect essential properties of information systems such as confidentiality, integrity, or availability. To cope with these threats, it is necessary to develop efficient security protection mechanisms and assessment techniques (firewall, intrusion detection system, Web scanner, etc.). This paper presents a new methodology, based on Web page clustering techniques, that is aimed at identifying the
more &raquo; ... rabilities of a Web application following a black box analysis of the target application. Each identified vulnerability is actually exploited to ensure that it does not correspond to a false positive. The proposed approach can also highlight different potential attack scenarios including the exploitation of several successive vulnerabilities, taking into account explicitly the dependencies between these vulnerabilities. We have focused in particular on code injection vulnerabilities, such as SQL injections. The proposed methodology led to the development of a new Web vulnerability scanner that has been validated experimentally on several examples of vulnerable applications.
<span class="external-identifiers"> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1186/1678-4804-20-4">doi:10.1186/1678-4804-20-4</a> <a target="_blank" rel="external noopener" href="https://fatcat.wiki/release/k5dose6iqveixoof4zralod2ku">fatcat:k5dose6iqveixoof4zralod2ku</a> </span>
<a target="_blank" rel="noopener" href="https://web.archive.org/web/20140709162711/http://www.journal-bcs.com/content/pdf/1678-4804-20-4.pdf" title="fulltext PDF download" data-goatcounter-click="serp-fulltext" data-goatcounter-title="serp-fulltext"> <button class="ui simple right pointing dropdown compact black labeled icon button serp-button"> <i class="icon ia-icon"></i> Web Archive [PDF] <div class="menu fulltext-thumbnail"> <img src="https://blobs.fatcat.wiki/thumbnail/pdf/af/fe/affe40e8032ae42f757f111d2cee558bab8ba88e.180px.jpg" alt="fulltext thumbnail" loading="lazy"> </div> </button> </a> <a target="_blank" rel="external noopener noreferrer" href="https://doi.org/10.1186/1678-4804-20-4"> <button class="ui left aligned compact blue labeled icon button serp-button"> <i class="unlock alternate icon" style="background-color: #fb971f;"></i> springer.com </button> </a>