11th International Conference on Computer and Knowledge Engineering
Automatic Detection and Risk Assessment of Session Management Vulnerabilities in Web Applications
Authors :
Nasrin Garmabi (1), Mohammad Ali Hadavi (2)
1- Malek-Ashtar University of Technology
2- Malek-Ashtar University of Technology
Keywords :
Web application security, session management vulnerabilities, session identifiers, session hijacking, risk assessment
Abstract :
The session management mechanism is a source of several threats to the security of web applications. While many web-based software vulnerabilities are due to weaknesses in session management design and implementation, existing methods and tools still have considerable limitations in fully detecting those vulnerabilities. In this paper, a black-box method is presented to detect session management vulnerabilities by analyzing browser-server traffic. We have identified some features in the traffic related to the security of session management. The features are either dependent on or independent of languages and programming frameworks. They are the leaves of our constructed attack tree, upon which we assess the total risk of session vulnerabilities for a web application. Our simple yet effective idea results in more accurate detection of session vulnerabilities compared to well-known vulnerability scanners. Our experimental evaluations on several case studies confirm the effectiveness of our approach in terms of its vulnerability detection as well as its risk assessment.