Fix Me Up: Repairing Access-Control Bugs in Web Applications
Author(s): Sooel Son, Kathryn S. McKinley, Vitaly Shmatikov
Download: Paper (PDF)
Date: 24 Apr 2013
Document Type: Presentations
Additional Documents: Slides
Associated Event: NDSS Symposium 2013
Access-control policies in Web applications ensure that only authorized users can navigate to privileged pages, access databases, and perform other sensitive operations. Unfortunately, errors in access-control logic are very common. We present FixMeUp, a new static analysis tool that finds access-control bugs in PHP applications and generates repairs.