11th International Conference on Computer and Knowledge Engineering
Automatic Detection and Risk Assessment of Session Management Vulnerabilities in Web Applications
Authors: Nasrin Garmabi (1), Mohammad Ali Hadavi (2)
1- Malek-Ashtar University of Technology
2- Malek-Ashtar University of Technology
Keywords: Web application security, session management vulnerabilities, session identifiers, session hijacking, risk assessment
Abstract:
The session management mechanism is a source of several threats to the security of web applications. While many web application vulnerabilities are due to weaknesses in the design and implementation of session management, existing methods and tools still have considerable limitations in fully detecting those vulnerabilities. In this paper, a black-box method is presented to detect session management vulnerabilities by analyzing browser-server traffic. We have identified some features in the traffic that relate to the security of session management. These features are either dependent on or independent of the programming languages and frameworks used. They form the leaves of our constructed attack tree, upon which we assess the total risk of session vulnerabilities for a web application. Our simple yet effective idea results in more accurate detection of session vulnerabilities compared to well-known vulnerability scanners. Our experimental evaluations on several case studies confirm the effectiveness of our approach in terms of both its vulnerability detection and its risk assessment.