Proceedings Article (Open Access)
Enemy of the state: a state-aware black-box web vulnerability scanner
Adam Doupé, Ludovico Cavedon, Christopher Kruegel, Giovanni Vigna
pp. 26-26
TL;DR: It is shown that the state-aware black-box web vulnerability scanner is able to not only exercise more code of the web application, but also discover vulnerabilities that other vulnerability scanners miss.

Abstract:
Black-box web vulnerability scanners are a popular choice for finding security vulnerabilities in web applications in an automated fashion. These tools operate in a point-and-shoot manner, testing any web application, regardless of the server-side language, for common security vulnerabilities. Unfortunately, black-box tools suffer from a number of limitations, particularly when interacting with complex applications that have multiple actions that can change the application's state. If a vulnerability analysis tool does not take into account changes in the web application's state, it might overlook vulnerabilities or completely miss entire portions of the web application.
We propose a novel way of inferring the web application's internal state machine from the outside--that is, by navigating through the web application, observing differences in output, and incrementally producing a model representing the web application's state.
We utilize the inferred state machine to drive a black-box web application vulnerability scanner. Our scanner traverses a web application's state machine to find and fuzz user-input vectors and discover security flaws. We implemented our technique in a prototype crawler and linked it to the fuzzing component from an open-source web vulnerability scanner.
We show that our state-aware black-box web vulnerability scanner is able to not only exercise more code of the web application, but also discover vulnerabilities that other vulnerability scanners miss.
Citations

State of the art automated black-box web application vulnerability testing
TL;DR: The results show the promise and effectiveness of automated tools, as a group, and also some limitations; in particular, "stored" forms of Cross Site Scripting and SQL Injection vulnerabilities are not currently found by many tools.
Posted Content
The Art, Science, and Engineering of Fuzzing: A Survey
Valentin J. M. Manès, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, Maverick Woo
TL;DR: This paper presents a unified, general-purpose model of fuzzing together with a taxonomy of the current fuzzing literature, and methodically explores the design decisions at every stage of the model fuzzer by surveying the related literature and the innovations in the art, science, and engineering that make modern-day fuzzers effective.
Posted Content
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
TL;DR: This paper introduces a methodology and implements a scalable framework for discovery of vulnerabilities in embedded web interfaces regardless of the devices' vendor, type, or architecture, and presents the first fully automated framework that applies dynamic firmware analysis techniques to achieve automated vulnerability discovery within embedded firmware images.
Journal Article (DOI)
The Art, Science, and Engineering of Fuzzing: A Survey
Valentin J. M. Manès, HyungSeok Han, Choongwoo Han, Sang Kil Cha, Manuel Egele, Edward J. Schwartz, Maverick Woo
TL;DR: In this article, a unified, general-purpose model of fuzzing together with a taxonomy of the current fuzzing literature is presented, and the design decisions at every stage of the model fuzzer are explored by surveying the related literature and the innovations in the art, science, and engineering that make modern-day fuzzers effective.
Proceedings Article (DOI)
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
TL;DR: In this paper, the authors present the first fully automated framework that applies dynamic firmware analysis techniques to achieve, in a scalable manner, automated vulnerability discovery within embedded firmware images, and apply their framework to study the security of embedded web interfaces running in Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable modems, VoIP phones, IP/CCTV cameras.