Author(s): Fangqi Sun, Liang Xu, Zhendong Su

Download: Paper (PDF)

Date: 22 Feb 2014

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2014

Abstract:

This paper describes the first technique to statically detect logic vulnerabilities in e-commerce applications. It formulates a general notion of correct payment logic and validates proper conformance via symbolic execution and taint analysis. A prototype implementation has revealed 11 new, easily exploitable vulnerabilities in widely-deployed open-source e-commerce software.