Automated Detection of Client-State Manipulation Vulnerabilities

• Our starting point is a characterization of client-state manipulation vulnerabilities (Section II) that has considerable overlap with category A4 from the OWASP 2010 list of the most critical risks. In particular, we describe safety conditions under which the use of client state is unlikely to cause vulnerabilities.

Experiments on a collection of open-source Web applications indicate that the static analysis effectively helps the programmer prevent client-state manipulation vulnerabilities. The analysis detects a total of 4,802 client-state parameters in ten applications, of which 4,437 are classified as safe and 241 reveal exploitable vulnerabilities.

Abstract: Web application programmers must be aware of a wide range of potential security risks. Although the most common pitfalls are well described and categorized in the literature, it remains a challenging task to ensure that all guidelines are followed.

Many vulnerabilities are related to Web application code that stores references to application state in the generated HTML documents to work around the statelessness of the HTTP protocol. In this article, we show that such client-state manipulation vulnerabilities are amenable to tool-supported detection.

Anders Møller and Mathias Schwarz, "Automated Detection of Client-State Manipulation Vulnerabilities". This makes it possible to check how client-state manipulation performed by malicious users may affect the shared application state and cause
