A formal and automated approach to exploiting multi-stage attacks of web applications

Meo Federico De; Vigano Luca

首页> 外文期刊>Journal of computer security >A formal and automated approach to exploiting multi-stage attacks of web applications

【24h】

A formal and automated approach to exploiting multi-stage attacks of web applications

机译：一种用于利用Web应用程序的多阶段攻击的正式和自动化方法

获取原文

开具论文收录证明 >>

页面导航

摘要
著录项
引文网络
相似文献
相关主题

摘要

We propose a formal and automated approach that allows one to (i) reason about vulnerabilities of web applications and (ii) combine multiple vulnerabilities for the identification of complex, multi-stage attacks. We have developed WAFEx, an automatic tool that implements our approach and we show its efficiency by applying it to real-world case studies. WAFEx was able to generate, and exploit, previously unknown attacks.

机译：我们提出了一种正式和自动化的方法，允许一（i）漏洞的脆弱性以及（ii）组合多漏电的多漏，多阶段攻击。我们开发了Wafex，这是一种实现我们方法的自动工具，并通过将其应用于现实世界的案例研究来展示其效率。 Wafex能够生成和利用以前未知的攻击。

著录项

来源
《Journal of computer security》 |2020年第5期|525-576|共52页
作者
Meo Federico De; Vigano Luca;
展开▼
作者单位

Univ Verona Dipartimento Informat Verona Italy;

Kings Coll London Dept Informat London England;

展开▼
收录信息美国《工程索引》(EI);
原文格式 PDF
正文语种 eng
中图分类
关键词
Security testing; vulnerability assessment; penetration testing; model checking; web applications; formal methods; SQL injection; cross-site scripting; cross-site request forgery; file-system related vulnerabilities;

机译：安全测试;漏洞评估;渗透测试;模型检查;Web应用程序;正式方法;SQL注射;跨站点脚本;跨站点请求伪造;文件系统相关漏洞;

相似文献

外文文献
中文文献
专利

1. Commix: automating evaluation and exploitation of command injection vulnerabilities in Web applications [J] . Stasinopoulos Anastasios, Ntantogian Christoforos, Xenakis Christos International Journal of Information Security . 2019,第1期

机译：Commix：在Web应用程序中自动化评估和开发命令注入漏洞
2. Automated Discovery of JavaScript Code Injection Attacks in PHP Web Applications [J] . Shashank Gupta, B.B. Gupta Procedia Computer Science . 2016,第1期

机译：在PHP Web应用程序中自动发现JavaScript代码注入攻击
3. A rewriting logic approach to the formal specification and verification of web applications [J] . Maria Alpuente, Demis Ballis, Daniel Romero Science of Computer Programming . 2014,第Feba15期

机译：Web应用程序正式规范和验证的重写逻辑方法
4. A Formal Approach to Exploiting Multi-stage Attacks Based on File-System Vulnerabilities of Web Applications [C] . Federico De Meo, Luca Viganò Engineering secure software and systems . 2017

机译：基于Web应用程序文件系统漏洞的利用多阶段攻击的形式化方法
5. A unified cyber-enhanced approach for detecting cross-site scripting attacks on Web applications [D] . Gurijala, Bhanukiran 2016

机译：一种用于检测Web应用程序上跨站点脚本攻击的统一的网络增强方法
6. MetiTree: a web application to organize and process high-resolution multi-stage mass spectrometry metabolomics data [O] . Miguel Rojas-Chertó, Michael van Vliet, Julio E. Peironcely, -1

机译：MetiTree：用于组织和处理高分辨率多级质谱代谢组学数据的Web应用程序
7. Transitioning Applications to Semantic Web Services: An Automated Formal Approach [O] . Wang Hai H., Gibbins Nick, Payne Terry, 2008

机译：将应用程序转换为语义Web服务：一种自动化的形式化方法
8. Formal Methods for Information Protection Technology Task 1: Formal Grammar-Based Approach and Tool for Simulation Attacks against Computer Network Part II [R] . Karsayev, O. V. , Kotenko, I. V. 2004

机译：信息保护技术的形式化方法任务1：基于形式语法的方法和模拟计算机网络攻击工具第二部分

A formal and automated approach to exploiting multi-stage attacks of web applications

摘要

著录项

引文网络

相似文献

相关主题

期刊订阅