Alhuzali et al., 2016 - Google Patents
Chainsaw: Chained automated workflow-based exploit generationAlhuzali et al., 2016
View PDF- Document ID
- 2089902066114083265
- Author
- Alhuzali A
- Eshete B
- Gjomemo R
- Venkatakrishnan V
- Publication year
- Publication venue
- Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security
External Links
Snippet
We tackle the problem of automated exploit generation for web applications. In this regard, we present an approach that significantly improves the state-of-art in web injection vulnerability identification and exploit generation. Our approach for exploit generation …
- 238000002347 injection 0 abstract description 12
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/55—Detecting local intrusion or implementing counter-measures
- G06F21/56—Computer malware detection or handling, e.g. anti-virus arrangements
- G06F21/562—Static detection
- G06F21/563—Static detection by source code analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/57—Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
- G06F21/577—Assessing vulnerabilities and evaluating computer system security
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30286—Information retrieval; Database structures therefor; File system structures therefor in structured data stores
- G06F17/30386—Retrieval requests
- G06F17/30424—Query processing
- G06F17/30477—Query execution
- G06F17/30507—Applying rules; deductive queries
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F11/00—Error detection; Error correction; Monitoring
- G06F11/36—Preventing errors by testing or debugging software
- G06F11/3668—Software testing
- G06F11/3672—Test management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F17/00—Digital computing or data processing equipment or methods, specially adapted for specific functions
- G06F17/30—Information retrieval; Database structures therefor; File system structures therefor
- G06F17/30861—Retrieval from the Internet, e.g. browsers
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/50—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems
- G06F21/52—Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity ; Preventing unwanted data erasure; Buffer overflow
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/70—Software maintenance or management
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F9/00—Arrangements for programme control, e.g. control unit
- G06F9/06—Arrangements for programme control, e.g. control unit using stored programme, i.e. using internal store of processing equipment to receive and retain programme
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06F—ELECTRICAL DIGITAL DATA PROCESSING
- G06F8/00—Arrangements for software engineering
- G06F8/40—Transformations of program code
-
- H—ELECTRICITY
- H04—ELECTRIC COMMUNICATION TECHNIQUE
- H04L—TRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
- H04L63/00—Network architectures or network communication protocols for network security
- H04L63/14—Network architectures or network communication protocols for network security for detecting or protecting against malicious traffic
- H04L63/1433—Vulnerability analysis
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING; COUNTING
- G06N—COMPUTER SYSTEMS BASED ON SPECIFIC COMPUTATIONAL MODELS
- G06N5/00—Computer systems utilising knowledge based models
- G06N5/02—Knowledge representation
- G06N5/022—Knowledge engineering, knowledge acquisition
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| Alhuzali et al. | Chainsaw: Chained automated workflow-based exploit generation | |
| Dahse et al. | Simulation of Built-in PHP Features for Precise Static Code Analysis. | |
| US10303448B2 (en) | Systems and methods for graph-based analysis of software | |
| Shu et al. | Threat intelligence computing | |
| US9128728B2 (en) | Locating security vulnerabilities in source code | |
| Wei et al. | Practical blended taint analysis for JavaScript | |
| Wassermann et al. | Sound and precise analysis of web applications for injection vulnerabilities | |
| Bisht et al. | Waptec: whitebox analysis of web applications for parameter tampering exploit construction | |
| Jovanovic et al. | Static analysis for detecting taint-style vulnerabilities in web applications | |
| Almorsy et al. | Supporting automated vulnerability analysis using formalized vulnerability signatures | |
| Luo et al. | Tchecker: Precise static inter-procedural analysis for detecting taint-style vulnerabilities in php applications | |
| Huang et al. | Uchecker: Automatically detecting php-based unrestricted file upload vulnerabilities | |
| Nguyen et al. | Cross-language program slicing for dynamic web applications | |
| Møller et al. | Automated detection of client-state manipulation vulnerabilities | |
| Muralee et al. | {ARGUS}: A Framework for Staged Static Taint Analysis of {GitHub} Workflows and Actions | |
| Azad et al. | {AnimateDead}: Debloating web applications using concolic execution | |
| Burket et al. | {GuardRails}: A {Data-Centric} Web Application Security Framework | |
| Pérez et al. | Lapse+ static analysis security software: Vulnerabilities detection in java ee applications | |
| de Poel et al. | Automated security review of PHP web applications with static code analysis | |
| Dahse | Static detection of complex vulnerabilities in modern PHP applications | |
| Eassa et al. | IMATT: An integrated multi-agent testing tool for the security of agent-based web applications | |
| Jovanovic et al. | Pixy: A static analysis tool for detecting web application vulnerabilities (Technical report) | |
| Thomas et al. | Mutation analysis of magento for evaluating threat model-based security testing | |
| Rucareanu | PHP: Securing against SQL injection | |
| Eassa et al. | An Integrated Multi-Agent Testing Tool for Security Checking of Agent-Based Web Applications |