Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis with Penetration Testing

Authors

  • Andrey Petukhov
  • Dmitry Kozlov
Abstract

The number of reported web application vulnerabilities is increasing dramatically. Most vulnerabilities result from improper input validation. This paper presents extensions to the Tainted Mode model that allow detection of intermodule vulnerabilities. In addition, this paper presents a new approach to vulnerability analysis that incorporates the advantages of penetration testing and dynamic analysis. This approach makes effective use of the extended Tainted Mode model.

Similar resources

Detection and Mitigation of Web Application Vulnerabilities Based on Security Testing

The paper proposes a security testing technique to detect known vulnerabilities of web applications using both static and dynamic analysis. We also present a process to improve the security of web applications by mitigating many of the vulnerabilities revealed in the testing phase, and address a new method for detecting unknown vulnerabilities by applying dynamic black-box testing based on a fu...

Improving penetration testing through static and dynamic analysis

Penetration testing is widely used to help ensure the security of web applications. Using penetration testing, testers discover vulnerabilities by simulating attacks on a target web application. To do this efficiently, testers rely on automated techniques that gather input vector information about the target web application and analyze the application’s responses to determine whether an attack ...

Improving the Adoption of Dynamic Web Security Vulnerability Scanners

Security vulnerabilities remain present in many web applications despite the improving knowledge base on vulnerabilities. Attackers can exploit such security vulnerabilities to extract critical data from web applications and their users. Many dynamic security vulnerability scanners exist that try to automatically find such security vulnerabilities. We studied the adoption of these tools and fou...

Semi-Automatic Security Testing of Web Applications with Fault Models and Properties

Web applications are complex and face a significant amount of complex attacks, as well. The complexity makes manual testing of web applications for security issues hard and time consuming, thus, automated testing is preferable. To tackle the complexity, we propose a (semi-)automatic model-based testing approach. Using models, test cases are often generated using structural criteria. Since such ...

Automatic Detection of Vulnerabilities in Web Applications using Fuzzing

Automatic detection of vulnerabilities is a problem studied in literature and a very important concern in application development with security requirements. Fuzzing is a software testing technique, automated or semi-automated, that involves injecting a massive quantity of semi-random inputs in software in order to find security vulnerabilities. Many vulnerability detection techniques need manu...

Publication date: 2008