首页> 外文会议>Engineering secure software and systems >A Formal Approach to Exploiting Multi-stage Attacks Based on File-System Vulnerabilities of Web Applications

【24h】

A Formal Approach to Exploiting Multi-stage Attacks Based on File-System Vulnerabilities of Web Applications

机译：基于Web应用程序文件系统漏洞的利用多阶段攻击的形式化方法

获取原文

获取原文并翻译 | 示例

页面导航

摘要
著录项
引文网络
相似文献
相关主题

摘要

We propose a formal approach that allows one to (i) reason about file-system vulnerabilities of web applications and (ii) combine file-system vulnerabilities and SQL-Injection vulnerabilities for complex, multi-stage attacks. We have developed an automatic tool that implements our approach and we show its efficiency by discussing four real-world case studies, which are witness to the fact that our tool can generate, and exploit, attacks that, to the best of our knowledge, no other tool for the security of web applications can find.

机译：我们提出了一种正式的方法，该方法允许（i）关于Web应用程序的文件系统漏洞的原因，以及（ii）结合使用文件系统漏洞和SQL注入漏洞来进行复杂的多阶段攻击。我们已经开发出一种自动工具来实现我们的方法，并且通过讨论四个实际案例研究来证明其效率，这些案例研究证明了我们的工具可以生成和利用攻击，而据我们所知，没有可以找到其他用于Web应用程序安全的工具。

著录项

来源
《Engineering secure software and systems》|2017年|196-212|共17页
会议地点 Bonn(DE)
作者
Federico De Meo; Luca Viganò;
展开▼
作者单位

Dipartimento di Informatica, Universita degli Studi di Verona, Verona, Italy;

Department of Informatics, King's College London, London, UK;

展开▼
会议组织
原文格式 PDF
正文语种 eng
中图分类
关键词

相似文献

外文文献
中文文献
专利

1. A formal and automated approach to exploiting multi-stage attacks of web applications [J] . Meo Federico De, Vigano Luca Journal of computer security . 2020,第5期

机译：一种用于利用Web应用程序的多阶段攻击的正式和自动化方法
2. Investigation framework of web applications vulnerabilities, attacks and protection techniques in structured query language injection attacks [J] . Nabeel Salih Ali International journal of wireless and mobile computing . 2018,第2期

机译：结构化查询语言注入攻击中Web应用程序漏洞，攻击和保护技术的调查框架
3. Gua de ataques, vulnerabilidades, tcnicas y herramientas para aplicaciones Web - Guide of attacks, vulnerabilities, techniques and tools for Web application [J] . Ana Laura Hernndez Saucedo, Jezreel Mejia Miranda RECIBE . 2015,第1期

机译：Web应用程序的攻击，漏洞，技术和工具指南-Web应用程序的攻击，漏洞，技术和工具指南
4. A Formal Approach to Exploiting Multi-stage Attacks Based on File-System Vulnerabilities of Web Applications [C] . Federico De Meo, Luca Vigano International Symposium on Engineering Secure Software and Systems . 2017

机译：一种基于Web应用程序的文件系统漏洞利用多阶段攻击的正式方法
5. A unified cyber-enhanced approach for detecting cross-site scripting attacks on Web applications [D] . Gurijala, Bhanukiran 2016

机译：一种用于检测Web应用程序上跨站点脚本攻击的统一的网络增强方法
6. Vulnerability Assessment of IPv6 Websites to SQL Injection and Other Application Level Attacks [O] . Ying-Chiang Cho, Jen-Yi Pan 2013

机译：IPv6网站对SQL注入和其他应用程序级别攻击的漏洞评估
7. Formal Analysis of Vulnerabilities of Web Applications Based on SQL Injection [O] . De Meo Federico, Rocchetto Marco, Vigano Luca 2016

机译：基于SQL注入的Web应用程序漏洞的形式分析
8. Formal Methods for Information Protection Technology Task 1: Formal Grammar-Based Approach and Tool for Simulation Attacks against Computer Network Part II [R] . Karsayev, O. V. , Kotenko, I. V. 2004

机译：信息保护技术的形式化方法任务1：基于形式语法的方法和模拟计算机网络攻击工具第二部分

A Formal Approach to Exploiting Multi-stage Attacks Based on File-System Vulnerabilities of Web Applications

摘要

著录项

引文网络

相似文献

相关主题

期刊订阅