11th International Conference on Computer and Knowledge Engineering
Automatic Detection and Risk Assessment of Session Management Vulnerabilities in Web Applications
Authors: Nasrin Garmabi (1), Mohammad Ali Hadavi (2)
1- Malek-Ashtar University of Technology
2- Malek-Ashtar University of Technology
Keywords:
Web application security, session management vulnerabilities, session identifiers, session hijacking, risk assessment
Abstract:
The session management mechanism is a source of several threats to the security of web applications. While many web-based software vulnerabilities are due to weaknesses in session management design and implementation, existing methods and tools still have considerable limitations in fully detecting those vulnerabilities. In this paper, a black-box method is presented to detect session management vulnerabilities by analyzing browser-server traffic. We have identified some features in the traffic that relate to the security of session management. The features are either dependent on or independent of languages and programming frameworks. They form the leaves of our constructed attack tree, upon which we assess the total risk of session vulnerabilities for a web application. Our simple yet effective idea results in more accurate detection of session vulnerabilities compared to well-known vulnerability scanners. Our experimental evaluations on several case studies confirm the effectiveness of our approach in terms of its vulnerability detection as well as its risk assessment.
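The abstract describes the general shape of the method: observe browser-server traffic, derive security-relevant session features from it, and aggregate those features as leaves of an attack tree into one risk figure. The following is an added illustrative example, not the authors' code, and the paper's actual feature set, tree and weights are not given on this page. It assumes a small constructed traffic record (the `Set-Cookie` headers seen before and after login plus the login URL scheme), a hypothetical cookie name `SESSIONID`, widely published cookie-attribute checks (Secure, HttpOnly, SameSite, rotation on login, a 64-bit session-id entropy floor), and constructed leaf weights that are combined with probabilistic OR/AND nodes.

```python
import math
from http.cookies import SimpleCookie

# Constructed traffic records (not from the paper): Set-Cookie headers captured before
# and after login, plus the scheme the login request was sent over.
WEAK_SAMPLE = {
    "pre_login_set_cookie": "SESSIONID=a1b2c3d4e5f6; Path=/",
    "post_login_set_cookie": "SESSIONID=a1b2c3d4e5f6; Path=/",
    "login_scheme": "http",
}
HARDENED_SAMPLE = {
    "pre_login_set_cookie": "SESSIONID=3c6e0b8a9c15224a8228b9a98ca1531d0e9d6b4f2a1c8d7e5b3f9a0c1d2e3f4a; Path=/; Secure; HttpOnly; SameSite=Lax",
    "post_login_set_cookie": "SESSIONID=9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08; Path=/; Secure; HttpOnly; SameSite=Lax",
    "login_scheme": "https",
}

# Illustrative leaf weights (rough likelihood that the weakness is exploitable); assumed values.
LEAF_WEIGHT = {
    "missing_secure": 0.5,
    "login_over_http": 0.6,
    "missing_httponly": 0.4,
    "missing_samesite": 0.2,
    "no_rotation_after_login": 0.5,
    "low_entropy_id": 0.3,
}

# Hypothetical attack tree: root = "session hijacking", children are attack paths.
# ("OR", [...]) means any child suffices; ("AND", [...]) means all children are needed.
ATTACK_TREE = ("OR", [
    ("OR", ["missing_secure", "login_over_http"]),  # cookie exposed in transit
    "missing_httponly",                               # cookie readable by page scripts
    "missing_samesite",                               # cookie attached to cross-site requests
    "no_rotation_after_login",                        # pre-auth id remains valid after login
    "low_entropy_id",                                 # id short enough to be guessable
])


def parse_cookie(header, name):
    """Return the Morsel for `name` from a Set-Cookie header, or None if absent."""
    jar = SimpleCookie()
    jar.load(header)
    return jar.get(name)


def entropy_bits(value):
    """Upper-bound estimate of session-id entropy from its length and apparent alphabet."""
    if all(c in "0123456789abcdefABCDEF" for c in value):
        alphabet = 16
    elif value.isalnum():
        alphabet = 62
    else:
        alphabet = 64
    return len(value) * math.log2(alphabet)


def extract_features(traffic, name="SESSIONID"):
    """Map a traffic record to attack-tree leaves; True means the weakness is present."""
    pre = parse_cookie(traffic["pre_login_set_cookie"], name)
    post = parse_cookie(traffic["post_login_set_cookie"], name)
    if pre is None or post is None:
        raise ValueError(f"session cookie {name!r} not found in traffic record")
    return {
        "missing_secure": not post["secure"],
        "missing_httponly": not post["httponly"],
        "missing_samesite": not post["samesite"],
        "no_rotation_after_login": pre.value == post.value,
        "low_entropy_id": entropy_bits(post.value) < 64,  # assumed 64-bit floor
        "login_over_http": traffic["login_scheme"].lower() != "https",
    }


def tree_risk(node, features):
    """Aggregate leaf weights bottom-up: OR = 1 - prod(1 - p), AND = prod(p)."""
    if isinstance(node, str):
        return LEAF_WEIGHT[node] if features[node] else 0.0
    op, children = node
    probs = [tree_risk(child, features) for child in children]
    if op == "OR":
        return 1 - math.prod(1 - p for p in probs)
    if op == "AND":
        return math.prod(probs)
    raise ValueError(f"unknown node type {op!r}")


def assess(traffic):
    """Return (features, overall risk in [0, 1]) for one captured login exchange."""
    features = extract_features(traffic)
    return features, tree_risk(ATTACK_TREE, features)


if __name__ == "__main__":
    for label, sample in (("weak", WEAK_SAMPLE), ("hardened", HARDENED_SAMPLE)):
        features, risk = assess(sample)
        present = [k for k, v in features.items() if v]
        print(f"{label}: risk={risk:.4f} weaknesses={present}")
```

The OR aggregation treats each path as an independent chance of compromise, so a single missing attribute already produces a non-zero risk and several together saturate toward 1. A real assessment would replace the constructed weights with values justified per application and would derive the leaves from many exchanges rather than one pair of headers.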