
Slide 1: SPaCiTE – Web Application Testing Engine
Matthias Büchler, Johan Oudinet, and Alexander Pretschner
Certifiable Trustworthy IT Systems, KIT – University of the State of Baden-Wuerttemberg and National Research Center of the Helmholtz Association
April 21, 2012

Slide 2: Motivation / Purpose of the Tool
Secure model: M ⊨ φ. Is the web application secure? How does a secure model help to answer this question?

Slide 3: Motivation / Purpose of the Tool
(Figure: client side and server side of the web application)

Slide 4: Motivation / Purpose of the Tool
(figure only)

Slide 5: SPaCiTE Workflow
How SPaCiTE executes test cases (attack traces) based on secure models

Slide 6: The Secure Model – Abstract Messages

Slide 7: The Secure Model – Horn Clauses

Slide 8: The Secure Model – The Honest User

Slide 9: The Secure Model – The Server

Slide 10: The Secure Model – Secrecy Goal

Slide 11: Model-Based Flaw Injection Library
Mutation operator: isAuthorizedTo*

Slide 12: Model Checking
Reuse of the AVANTSSAR backends: SATMC, CL-AtSe, OFMC

Slide 13: Abstract Attack Trace
    ->*webServer : login(tom,password(tom,webServer))
    webServer-> : listStaffOf(tom)
    *->webServer : viewProfileOf(jerry)
    webServer*->* : profileOf(jerry)
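The RBAC scenario behind the abstract attack trace above, combined with the isAuthorizedTo* mutation operator of slide 11 and the secrecy goal of slide 10, as an added Python model that is not part of SPaCiTE or of the original slides. The manager relation, the passwords, the authorization rule and the exact wording of the secrecy goal are assumptions for illustration: the secure model refuses the trace, while the mutated model reproduces it and the goal check flags the violation.

```python
from dataclasses import dataclass, field
from typing import Callable, Optional
# Constructed facts; the secure model would encode them as Horn-clause facts (assumption).
PASSWORDS = {"tom": "password(tom,webServer)", "jerry": "password(jerry,webServer)"}
MANAGER_OF = {"alice": "tom"}  # tom manages alice; nobody manages jerry

def is_authorized_to(user: str, target: str) -> bool:
    # Assumed authorization rule: a user may view their own or a direct report's profile.
    return user == target or MANAGER_OF.get(target) == user

def mutate_is_authorized_to(rule: Callable) -> Callable:
    # Model-level mutation operator (isAuthorizedTo*): the authorization check is dropped.
    return lambda user, target: True

@dataclass
class WebServer:
    authorized: Callable = is_authorized_to   # the rule the model checker reasons about
    user: Optional[str] = None                # who is logged in (None before login)
    sent: list = field(default_factory=list)  # (message, recipient) pairs for the goal check

    def login(self, user: str, password: str):
        if PASSWORDS.get(user) != password:
            return None
        self.user = user
        return self._send(f"listStaffOf({user})", user)

    def view_profile_of(self, target: str):
        if self.user is None:
            return None
        if not self.authorized(self.user, target):
            return "denied"
        return self._send(f"profileOf({target})", self.user)

    def _send(self, message: str, recipient: str) -> str:
        self.sent.append((message, recipient))
        return message

def secrecy_goal_holds(server: WebServer) -> bool:
    """Assumed secrecy goal: profileOf(X) is only ever sent to X or X's manager."""
    for message, recipient in server.sent:
        if message.startswith("profileOf("):
            owner = message[len("profileOf("):-1]
            if recipient not in {owner, MANAGER_OF.get(owner)}:
                return False
    return True

def replay_attack_trace(server: WebServer):
    """Replay the slide 13 trace: the intruder plays tom, whose credentials it knows."""
    server.login("tom", PASSWORDS["tom"])     # ->*webServer : login(tom,password(tom,webServer))
    reply = server.view_profile_of("jerry")   # *->webServer : viewProfileOf(jerry)
    return reply, secrecy_goal_holds(server)  # webServer*->* : profileOf(jerry) would break the goal
```

Running the trace against `WebServer()` gives `("denied", True)`; against `WebServer(authorized=mutate_is_authorized_to(is_authorized_to))` it gives `("profileOf(jerry)", False)`, which is the abstract attack trace the model checker reports for the mutated model.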

Slide 14: Transform AAT to WAAL – Configuration Information
How are abstract messages translated into actions? How is a viewProfileOf message generated in the browser?

Slide 15: Transform AAT to WAAL
How are abstract messages translated into actions?

Slide 16: Transform AAT to WAAL
Translate WAAL actions to Java source code and embed them into a test execution engine skeleton.

Slide 17: Execution
Execute the test case; recovery actions might be needed.

Slide 18: Example of a Recovery Action

Slide 19: (figure only)

Slide 20: Verdict

Slide 21: Conclusion
- Semi-automatic security testing of web applications: automatic at browser level, may request help from a test expert at HTTP level.
- Interesting abstract attack traces were generated by injecting relevant source-code-level faults into the model.
- Relevant fault = known vulnerability that has been exploited to violate a security goal in the secure model.
- We were able to reproduce all 4 abstract attack traces coming from 2 RBAC and 2 XSS models.

Slide 22: Future Work
- Target different vulnerabilities and security goals.
- Address side effects during recovery actions.
- Extend the tool to the case where global observation is not possible.
- Integration work as part of the SPaCIoS EU project.
Demo on request, or visit:

Slide 23: Model-Based Flaw Injection Library
Mutation operators represent vulnerabilities at model level; each one combines a security property with a vulnerability.

Slide 24: Assumptions and Limitations
- A secure model must exist. If not, try to make use of model inference.
- Each abstract message must be mappable to WAAL actions, i.e. every abstract message must be expressed in terms of generating and/or verifying actions at browser level. That does not imply the action must be performed in the browser (see recovery actions). If not, WAAL actions can be bypassed and the abstract message is directly mapped to protocol-level messages (no guidance by SPaCiTE).
- The model checker used assumes the Dolev-Yao model for the intruder behavior: the intruder is the network (every component must be wrapped by a proxy to obtain the global observation property).
- No side effects during recovery actions.
- Deterministic system.