Detecting Logic Vulnerabilities in E-commerce Applications presented at NDSS 2014

by Fangqi Sun, Liang Xu, Zhendong Su

Summary: This paper describes the first technique to statically detect logic vulnerabilities in e-commerce applications. It formulates a general notion of correct payment logic and validates proper conformance via symbolic execution and taint analysis. A prototype implementation has revealed 11 new, easily exploitable vulnerabilities in widely-deployed open-source e-commerce software.