11th International Conference on Computer and Knowledge Engineering
Automatic Detection and Risk Assessment of Session Management Vulnerabilities in Web Applications
Authors: Nasrin Garmabi (1), Mohammad Ali Hadavi (2)
1- Malek-Ashtar University of Technology
2- Malek-Ashtar University of Technology
Keywords: web application security, session management vulnerabilities, session identifiers, session hijacking, risk assessment
Abstract:
The session management mechanism is a source of several threats to the security of web applications. While many web-based software vulnerabilities are due to weaknesses in the design and implementation of session management, existing methods and tools still have considerable limitations in fully detecting those vulnerabilities. In this paper, a black-box method is presented that detects session management vulnerabilities by analyzing browser-server traffic. We have identified a set of features in the traffic that relate to the security of session management; some features depend on the programming language and framework in use, while others are independent of them. These features are the leaves of an attack tree we construct, upon which we assess the total risk of session vulnerabilities for a web application. Our simple yet effective idea results in more accurate detection of session vulnerabilities than well-known vulnerability scanners. Our experimental evaluations on several case studies confirm the effectiveness of our approach, both in vulnerability detection and in risk assessment.
Papers List (archived papers)
Using Deep Learning for Classification of Lung Cancer on CT Images in Ardabil Province
Mohammad Ali Javadzadeh Barzaki - Jafar Abdollahi - Mohammad Negaresh - Maryam Salimi - Hadi Zolfeghari - Mohsen Mohammadi - Asma Salmani - Rona Jannati - Firouz Amani
A Survey of the AVOA Metaheuristic Algorithm and its Suitability for Power System Optimization and Damping Controller Design
Aliyu Sabo - Theophilus Ebuka Odoh - Samuel Habu - Hossien Shahinzadeh - Farshad Ebrahimi
AgeNet-AT: An End-to-End Model for Robust Joint Speaker Age Estimation and Gender Recognition Based on Attention Mechanism and Titanet
Mahsa Zamani Tarashandeh - Amirhossein Torkanloo - Mohammad Hossein Moattar
Intelligent Interpretation of Frequency Response Signatures to Diagnose Radial Deformation in Transformer Windings Using Artificial Neural Network
Reza Behkam - Hossein Karami - Mehdi Salay Naderi - Gevork B. Gharehpetian
A Review on Secure Data Storage and Data Sharing Technics in Blockchain-based IoT Healthcare Systems
Seyedeh Somayeh Fatemi Nasab - Davoud Bahrepour - Seyed Reza Kamel Tabbakh
Automatic Detection and Risk Assessment of Session Management Vulnerabilities in Web Applications
Nasrin Garmabi - Mohammad Ali Hadavi
R2-BAC: A Novel Blockchain and IoT-Based Access Control Model for Supply Chain Management
Sadegh Sohani - Farnaz Kamranfar - Haleh Amintoosi - Mohammad Allahbakhsh
Load Frequency Control of Geothermal Power Plant Incorporated Two-Area Hydro-Thermal System with AC-DC Lines
Shanker J Gambhire - Malligunta Kiran Kumar - Hossein Shahinzadeh - Mohammad-hossein Fayaz-dastgerdi - B. Srikanth Goud - Ch.Naga sai Kalyan
An Ensemble CNN for Brain Age Estimation based on Hippocampal Region Applicable to Alzheimer's Diagnosis
Zahra Qodrati - Seyedeh Masoumeh Taji - Habibollah Danyali - Kamran Kazemi
Towards Study of Research Topics Evolution in Artificial Intelligence based on Topic Embedding
Seyyed Reza Taher Harikandeh - Sadegh Aliakbary - Soroush Taheri