
An Automated Approach to Generate Web Applications Attack Scenarios

Authors :
Eric Alata
Rim Akrout
Mohamed Kaaniche
Vincent Nicomette
Équipe Tolérance aux fautes et Sûreté de Fonctionnement informatique (LAAS-TSF)
Laboratoire d'analyse et d'architecture des systèmes (LAAS)
Université Toulouse Capitole (UT Capitole)
Université de Toulouse (UT)-Université de Toulouse (UT)-Institut National des Sciences Appliquées - Toulouse (INSA Toulouse)
Institut National des Sciences Appliquées (INSA)-Université de Toulouse (UT)-Institut National des Sciences Appliquées (INSA)-Université Toulouse - Jean Jaurès (UT2J)
Université de Toulouse (UT)-Université Toulouse III - Paul Sabatier (UT3)
Université de Toulouse (UT)-Centre National de la Recherche Scientifique (CNRS)-Institut National Polytechnique (Toulouse) (Toulouse INP)
Université de Toulouse (UT)-Université Toulouse Capitole (UT Capitole)
Université de Toulouse (UT)
Université Toulouse - Jean Jaurès (UT2J)-Université Toulouse 1 Capitole (UT1)
Université Fédérale Toulouse Midi-Pyrénées-Université Fédérale Toulouse Midi-Pyrénées-Centre National de la Recherche Scientifique (CNRS)-Université Toulouse III - Paul Sabatier (UT3)
Université Fédérale Toulouse Midi-Pyrénées-Institut National des Sciences Appliquées - Toulouse (INSA Toulouse)
Institut National des Sciences Appliquées (INSA)-Institut National des Sciences Appliquées (INSA)-Institut National Polytechnique (Toulouse) (Toulouse INP)
Université Fédérale Toulouse Midi-Pyrénées-Université Toulouse - Jean Jaurès (UT2J)-Université Toulouse 1 Capitole (UT1)
Université Fédérale Toulouse Midi-Pyrénées
Source :
LADC, The 6th Latin-American Symposium on Dependable Computing (LADC-2013), Apr 2013, Rio de Janeiro, Brazil. pp.78-85, ⟨10.1109/LADC.2013.22⟩
Publication Year :
2013
Publisher :
IEEE, 2013.

Abstract

Web applications have become one of the most popular targets of attacks in recent years. Therefore, it is important to identify the vulnerabilities of such applications and to remove them to prevent potential attacks. This paper presents an approach aimed at the vulnerability assessment of Web applications following a black-box approach. The objective is to detect vulnerabilities in Web applications and their dependencies and to generate attack scenarios that reflect such dependencies. Our approach aims to move a step forward toward the automation of this process. The paper presents the main concepts behind the proposed approach and an example that illustrates the main steps of the algorithm leading to the identification of the vulnerabilities of a Web application and their dependencies.

Details

Database :
OpenAIRE
Journal :
2013 Sixth Latin-American Symposium on Dependable Computing
Accession number :
edsair.doi.dedup.....e4997334f040beb6933612d1514a30e7