LogInjector: Detecting Web Application Log Injection Vulnerabilities
Authors
Abstract
Web applications widely use logging functionality, but improper handling of logged data can introduce serious security threats. An attacker can trigger execution of malicious data by writing it to the web application's logs and then accessing the view-logs interface, a vulnerability known as log injection. However, detecting this type of vulnerability requires automatically discovering log-injectable interfaces, which is difficult. In addition, bypassing application-specific input-filtering checks to write an effective payload is also challenging. This paper proposes LogInjector, an efficient log injection detection method. First, it obtains the storage form and location of the logs through an extended dynamic crawler. Second, it automatically identifies log-injectable interfaces. Finally, LogInjector utilizes a testing approach based on feedback-guided mutation to detect log injection vulnerabilities. To verify its effectiveness, we test 14 popular real-world web applications and compare LogInjector with Black Widow, a state-of-the-art scanner. LogInjector detects 16 log injection vulnerabilities, including 6 zero-day vulnerabilities, while Black Widow detects only three, demonstrating its effectiveness in practice.
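As an added illustration (not code from the paper), the two failure points the abstract describes, written from the defender's side: a log writer that lets untrusted input forge extra entries and a log viewer that renders entries as HTML, each beside a hardened form. Function names and the sample field are constructed for this example.

```python
import html
import re

# Constructed sample: an attacker-controlled field (e.g. a username from a
# login form) that the application records in its log. It carries a CR/LF
# to forge a second log line and markup aimed at an HTML log viewer.
UNTRUSTED_FIELD = (
    "alice\r\n2024-01-01 INFO login ok user=admin <img src=x onerror=alert(1)>"
)

def write_log_vulnerable(log: list, field: str) -> None:
    """Records the field verbatim: line breaks let one request produce several
    entries, and markup survives for any viewer that renders the log as HTML."""
    log.append(f"login attempt user={field}")

# ASCII control characters (NUL..US and DEL), including CR and LF
_CONTROL = re.compile(r"[\x00-\x1f\x7f]")

def sanitize_log_field(field: str) -> str:
    """Neutralise control characters so each request yields exactly one entry."""
    return _CONTROL.sub(lambda m: f"\\x{ord(m.group()):02x}", field)

def write_log_hardened(log: list, field: str) -> None:
    log.append(f"login attempt user={sanitize_log_field(field)}")

def render_log_vulnerable(log: list) -> str:
    """Log viewer that interpolates raw entries into the page."""
    return "<pre>" + "\n".join(log) + "</pre>"

def render_log_hardened(log: list) -> str:
    """Treat log lines as data: HTML-escape them at the output boundary."""
    return "<pre>" + "\n".join(html.escape(line, quote=True) for line in log) + "</pre>"

if __name__ == "__main__":
    vulnerable, hardened = [], []
    write_log_vulnerable(vulnerable, UNTRUSTED_FIELD)
    write_log_hardened(hardened, UNTRUSTED_FIELD)
    print(render_log_vulnerable(vulnerable))
    print(render_log_hardened(hardened))
```

Escaping at the viewer and sanitising at the writer address different failures (stored markup versus forged entries), so a hardened application needs both.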
Similar resources
Program Analyses of Web Applications for Detecting Application-Specific Vulnerabilities
Web applications are prevalent in the modern era, regulating access to sensitive information, functionality and resources. Due to the difficulty in designing and implementing proper security checks for untrusted user inputs and actions, web applications often fall victim to various online attacks. In particular, application-specific vulnerabilities are easy to exploit and often have severe cons...
Web Application Vulnerabilities Monitoring & Avoiding Techniques
In recent years, great advances have occurred in the field of Information Technology. There are several services provided by IT to an ordinary user, some of which may depend on each other; as we know, the critical aspect is information, on which everything depends. As globalization increases, the information regarding every prospect also increases, so it is very nec...
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Technical Report)
The number and the importance of Web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated solutions has become evident. In this paper, we address the problem of vulnerable Web applications ...
Pixy: A Static Analysis Tool for Detecting Web Application Vulnerabilities (Short Paper)
The number and the importance of Web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated solutions has become evident. In this paper, we address the problem of vulnerable Web applications ...
Mobile Application Web API Reconnaissance: Web-to-Mobile Inconsistencies & Vulnerabilities
Modern mobile apps use cloud-hosted HTTP-based API services and heavily rely on the Internet infrastructure for data communication and storage. To improve performance and leverage the power of the mobile device, input validation and other business logic required for interfacing with web API services are typically implemented on the mobile client. However, when a web service implementation fails...
Journal
Journal title: Applied sciences
Year: 2022
ISSN: 2076-3417
DOI: https://doi.org/10.3390/app12157681