11th International Conference on Computer and Knowledge Engineering
Automatic Detection and Risk Assessment of Session Management Vulnerabilities in Web Applications
Authors :
Nasrin Garmabi (1), Mohammad Ali Hadavi (2)
1- Malek-Ashtar University of Technology
2- Malek-Ashtar University of Technology
Keywords :
Web application security, session management vulnerabilities, session identifiers, session hijacking, risk assessment
Abstract :
The session management mechanism is a source of several threats to the security of web applications. While lots of web-based software vulnerabilities are due to weaknesses in session management design and implementation, existing methods and tools still have considerable limitations in fully detecting those vulnerabilities. In this paper, a black-box method is presented to detect session management vulnerabilities by analyzing browser-server traffic. We have identified some features in the traffic related to the security of session management. The features are either dependent on or independent of languages and programming frameworks. They are the leaves of our constructed attack tree upon which we assess the total risk of session vulnerabilities for a web application. Our simple yet effective idea results in more accurate detection of session vulnerabilities compared to well-known vulnerability scanners. Our experimental evaluations on several case studies confirm the effectiveness of our approach in terms of its vulnerability detection as well as its risk assessment.