System and a method for automatically detecting security vulnerabilities in client-server applications

Authors: Timothy Hinrichs, Venkatesan Natarajan Venkatakrishnan, Prithvi Bisht

Abstract: A method for automatically detecting security vulnerabilities in a client-server application where client is connected to server. The implemented by computer having processor and software program stored on non-transitory readable medium. includes extracting, with the at client, description of one or more validation checks inputs performed client. also analyzing server, using determine whether server not performing that must be performing. further determining exist when proposes preventing parameter tampering attacks running enforcing each input submitted
