International Conference on Computer and Knowledge Engineering

Home / 11th International Conference on Computer and Knowledge Engineering

Automatic Detection and Risk Assessment of Session Management Vulnerabilities in Web Applications

Authors :

Nasrin Garmabi¹ Mohammad Ali Hadavi²

1- Malek-Ashtar University of Technology 2- Malek-Ashtar University of Technology

Keywords :

Web application security, session management vulnerabilities, session identifiers, session hijacking, risk assessment

Abstract :

The session management mechanism is a source of several threats to the security of web applications. While lots of web-based software vulnerabilities are due to weaknesses in session management design and implementation, existing methods and tools still have considerable limitations to fully detect those vulnerabilities. In this paper, a black-box method is presented to detect session management vulnerabilities by analyzing browser-server traffic. We have identified some features in the traffic related to the security of session management. The features are either dependent on or independent of languages and programming frameworks. They are the leaves of our constructed attack tree upon which we assess the total risk of session vulnerabilities for a web application. Our simple yet effective idea results in more accurate detection of session vulnerabilities compared to well-known vulnerability scanners. Our experimental evaluations on several case studies confirm the effectiveness of our approach in terms of its vulnerability detection as well as in its risk assessment.

Papers List

List of archived papers

A 2D-CNN Architecture for Improving the Classification Accuracy of an Electronic Nose with Different Sensor Positions

Hannaneh Mahdavi - Reza Goldoust - Saeideh Rahbarpour

Novel Insights in Deep Learning for Predicting Climate Phenomena

Mohammad Naisipour - Saghar Ganji - Iraj Saeedpanah - Behnam Mehrakizadeh - Ahmad Reza Labibzadeh

Financial Market Prediction Using Deep Neural Networks with Hardware Acceleration

Dara Rahmati - Mohammad Hadi Foroughi - Ali Bagherzadeh - Mehdi Foroughi - Saeid Gorgin

Spatial-channel attention-based stochastic neighboring embedding pooling and long short term memory for lung nodules classification

AHMED SAIHOOD - HOSSEIN KARSHENAS - AHMADREZA NAGHSH NILCHI

XAI for Transparent Autonomous Vehicles: A New Approach to Understanding Decision-Making in Self-driving Cars

Maryam Sadat Hosseini Azad - Amir Abbas Hamidi Imani - Shahriar Baradaran Shokouhi

Autonomous Drone Navigation Using Synchronized Camera and IMU Data with CNN

Reza Javanmard Alitappeh - Narges Hamzeh Mermeti - Fatemeh Barzegar - Fatemeh Ebrahimi - Nima Mahmoudi - Jalal Alipour Langouri

A Comprehensive Dataset of Real-scene Images for Text Detection and Recognition in Persian

Iman Souzanchi - Ramin Rahimi - Mohammad Ali Majidi Anvari - Atefeh Baniasadi - Ashkan Sadeghi - Mohammad Reza Mohammadi

Synthetic Trajectory Sharing Indoors under Privacy Constraints

Mahdi Soltanpour - Vahideh Moghtadaiee - Mina Alishahi

Distilling Knowledge from CNN-Transformer Models for Enhanced Human Action Recognition

Hamid Ahmadabadi - Omid Nejati Manzari - Ahmad Ayatollahi

Leveraging Self-Supervised Models for Automatic Whispered Speech Recognition

Aref Farhadipour - Homa Asadi - Volker Dellwo