Author(s): Sooel Son, Kathryn S. McKinley, Vitaly Shmatikov

Download: Paper (PDF)

Date: 24 Apr 2013

Document Type: Presentations

Additional Documents: Slides

Associated Event: NDSS Symposium 2013

Abstract:

Access-control policies in Web applications ensure that only authorized users can navigate to privileged pages, access databases, and perform other sensitive operations. Unfortunately, errors in access-control logic are very common. We present FixMeUp, a new static analysis tool that finds access-control bugs in PHP applications and generates repairs.