Automatically Detecting Web Application Vulnerabilities By Variable Flow Reconstruction presented at Blackhat Europe 2005

by Stefano Zanero

Tags: Security Web

Summary: Web application vulnerabilities have become a prominent security threat. Code auditing has proven to be ineffective in properly detecting all the paths leading to attacks. We are developing an automated and innovative code scanner for web applications which operates in a mostly language-independent fashion to track security vulnerabilities directly from the source code, by applying various language-theoretic procedures. Our work exploits the common underlying characteristics of most webapp vulnerabilities to give a unified framework for identifying them during the auditing phase. We will demonstrate a preliminary version of the auditing tool during the talk.