Article type: Research Article
Authors: De Meo, Federico [a] | Viganò, Luca [b], *
Affiliations: [a] Dipartimento di Informatica, Università di Verona, Italy | [b] Department of Informatics, King’s College London, United Kingdom
Correspondence: [*] Corresponding author.
Abstract: We propose a formal and automated approach that allows one to (i) reason about vulnerabilities of web applications and (ii) combine multiple vulnerabilities for the identification of complex, multi-stage attacks. We have developed WAFEx, an automatic tool that implements our approach, and we show its efficiency by applying it to real-world case studies. WAFEx was able to generate, and exploit, previously unknown attacks.
Keywords: Security testing, vulnerability assessment, penetration testing, model checking, web applications, formal methods, SQL injection, cross-site scripting, cross-site request forgery, file-system related vulnerabilities
DOI: 10.3233/JCS-181262
Journal: Journal of Computer Security, vol. 28, no. 5, pp. 525-576, 2020