Detecting Logic Vulnerabilities in E-Commerce Applications
Download: Paper (PDF)
Date: 22 Feb 2014
Document Type: Briefing Papers
Additional Documents: Slides
Associated Event: NDSS Symposium 2014
Abstract:
This paper describes the first technique to statically detect logic vulnerabilities in e-commerce applications. It formulates a general notion of correct payment logic and validates proper conformance via symbolic execution and taint analysis. A prototype implementation has revealed 11 new, easily exploitable vulnerabilities in widely-deployed open-source e-commerce software.