Abstract
This paper proposes to test web applications and generate the feasible exploits automatically, including cross-site scripting and SQL injection attacks. We test the web applications with initial random inputs by detecting symbolic queries to SQL servers or symbolic responses to HTTP servers. After symbolic outputs detected, we are able to generate attack strings and reproduce the results, emulating the manual attack behavior. In contrast with other traditional detection and prevention methods, we can determine the presence of vulnerabilities and prove the feasibility of attacks. This automatic generation process is based on a dynamic software testing method-symbolic execution by S2E. We have applied this automatic process to several known vulnerabilities on large-scale open source web applications, and generated the attack strings successfully. Our method is web platform independent, covering PHP, JSP, Rails, and Django due to the supports of the whole system environment of S2E.
| Original language | English |
|---|---|
| Pages | 208-217 |
| Number of pages | 10 |
| DOIs | |
| State | Published - 2013 |
| Event | 7th International Conference on Software Security and Reliability, SERE 2013 - Gaithersburg, MD, United States Duration: 18 Jun 2013 → 20 Jun 2013 |
Conference
| Conference | 7th International Conference on Software Security and Reliability, SERE 2013 |
|---|---|
| Country/Territory | United States |
| City | Gaithersburg, MD |
| Period | 18/06/13 → 20/06/13 |
Keywords
- Web security
- automatic exploit generation
- symbolic execution