External Link
https://dl.acm.org/doi/10.1145/2046707.2046774
BibTeX
@inproceedings{10.1145/2046707.2046774, author = {Bisht, Prithvi and Hinrichs, Timothy and Skrupsky, Nazari and Venkatakrishnan, V. N.}, title = {WAPTEC: whitebox analysis of web applications for parameter tampering exploit construction}, year = {2011}, isbn = {9781450309486}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/2046707.2046774}, doi = {10.1145/2046707.2046774}, abstract = {Parameter tampering attacks are dangerous to a web application whose server fails to replicate the validation of user-supplied data that is performed by the client. Malicious users who circumvent the client can capitalize on the missing server validation. In this paper, we describe WAPTEC, a tool that is designed to automatically identify parameter tampering vulnerabilities and generate exploits by construction to demonstrate those vulnerabilities. WAPTEC involves a new approach to whitebox analysis of the server’s code. We tested WAPTEC on six open source applications and found previously unknown vulnerabilities in every single one of them.}, booktitle = {Proceedings of the 18th ACM Conference on Computer and Communications Security}, pages = {575–586}, numpages = {12}, keywords = {constraint solving, exploit construction, parameter tampering, program analysis}, location = {Chicago, Illinois, USA}, series = {CCS ‘11} }