Toward Black-Box Detection of Logic Flaws in Web Applications presented at NDSS 2014

by Davide Balzarotti and Giancarlo Pellegrino

Summary: In this paper we present a black-box testing technique to detect logic vulnerabilities in web applications. Our technique is based on the automatic identification of a number of behavioral patterns, starting from a few network traces in which users interact with a certain application's functionality. Based on the extracted model, we then generate targeted test cases following a number of common attack patterns. We applied our technique against seven eCommerce web applications, detecting 10 previously unknown logic flaws.