Author(s): Giancarlo Pellegrino, Davide Balzarotti

Download: Paper (PDF)

Date: 22 Feb 2014

Document Type: Briefing Papers

Additional Documents: Slides

Associated Event: NDSS Symposium 2014

Abstract:

In this paper we present a black-box testing technique to detect logic vulnerabilities in web applications. Our technique is based on the automatic identification of a number of behavioral patterns starting from few network traces in which users interact with a certain application’s functionality. Based on the extracted model, we then generate targeted test cases following a number common attacks patterns. We applied our technique against seven eCommerce web applications detecting 10 previously-unknown logic flaws.