Automated Detection of HPP Vulnerabilities in Web Applications

Author

  • Marco ‘embyte’ Balduzzi
Abstract

2 HTTP Parameter Pollution Attacks
  2.1 Parameter Precedence in Web Applications
  2.2 Parameter Pollution
    2.2.1 Cross-Channel Pollution
    2.2.2 HPP to bypass CSRF tokens
    2.2.3 Bypass WAFs input validation checks

Similar resources

Automated Discovery of Parameter Pollution Vulnerabilities in Web Applications

In the last twenty years, web applications have grown from simple, static pages to complex, full-fledged dynamic applications. Typically, these applications are built using heterogeneous technologies and consist of code that runs both on the client and on the server. Even simple web applications today may accept and process hundreds of different HTTP parameters to be able to provide users with ...

Automatic Detection of Vulnerabilities in Web Applications using Fuzzing

Automatic detection of vulnerabilities is a problem studied in literature and a very important concern in application development with security requirements. Fuzzing is a software testing technique, automated or semi-automated, that involves injecting a massive quantity of semi-random inputs in software in order to find security vulnerabilities. Many vulnerability detection techniques need manu...

Toward Automated Detection of Logic Vulnerabilities in Web Applications

Web applications are the most common way to make services and data available on the Internet. Unfortunately, with the increase in the number and complexity of these applications, there has also been an increase in the number and complexity of vulnerabilities. Current techniques to identify security problems in web applications have mostly focused on input validation flaws, such as cross-site scr...

Program Analyses of Web Applications for Detecting Application-Specific Vulnerabilities

Web applications are prevalent in the modern era, regulating access to sensitive information, functionality and resources. Due to the difficulty in designing and implementing proper security checks for untrusted user inputs and actions, web applications often fall victim to various online attacks. In particular, application-specific vulnerabilities are easy to exploit and often have severe cons...

HTTP Parameter Pollution Vulnerabilities in Web Applications

2 HTTP Parameter Pollution Attacks
  2.1 Parameter Precedence in Web Applications
  2.2 Parameter Pollution
    2.2.1 Cross-Channel Pollution
    2.2.2 HPP to bypass CSRF tokens ...

Publication date: 2011