An automated approach to generate Web applications attack scenarios

Cited by: 2
Authors
Alata, Eric [1]
Kaaniche, Mohamed
Nicomette, Vincent
Akrout, Rim
Affiliation
[1] CNRS, LAAS, 7 Ave Colonel Roche, F-31400 Toulouse, France
Source
2013 SIXTH LATIN-AMERICAN SYMPOSIUM ON DEPENDABLE COMPUTING (LADC) | 2013
Keywords
Security; vulnerability scanner; vulnerability detection algorithm;
DOI
10.1109/LADC.2013.22
Chinese Library Classification (CLC) number
TP301 [Theory, Methods];
Discipline classification code
081202;
Abstract
Web applications have become one of the most popular targets of attacks during the last years. Therefore it is important to identify the vulnerabilities of such applications and to remove them to prevent potential attacks. This paper presents an approach that is aimed at the vulnerability assessment of Web applications following a black-box approach. The objective is to detect vulnerabilities in Web applications and their dependencies and to generate attack scenarios that reflect such dependencies. Our approach aims to move a step forward toward the automation of this process. The paper presents the main concepts behind the proposed approach and an example that illustrates the main steps of the algorithm leading to the identification of the vulnerabilities of a Web application and their dependencies.
Pages: 78 / 85
Number of pages: 8