Toward Black-Box Detection of Logic Flaws in Web Applications
Download: Paper (PDF)
Date: 22 Feb 2014
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2014
Abstract:
In this paper we present a black-box testing technique to detect logic vulnerabilities in web applications. Our technique is based on the automatic identification of a number of behavioral patterns starting from few network traces in which users interact with a certain application’s functionality. Based on the extracted model, we then generate targeted test cases following a number common attacks patterns. We applied our technique against seven eCommerce web applications detecting 10 previously-unknown logic flaws.