External Link
https://dl.acm.org/doi/10.1145/2484313.2484375
BibTeX
@inproceedings{10.1145/2484313.2484375, author = {Li, Xiaowei and Xue, Yuan}, title = {LogicScope: automatic discovery of logic vulnerabilities within web applications}, year = {2013}, isbn = {9781450317672}, publisher = {Association for Computing Machinery}, address = {New York, NY, USA}, url = {https://doi.org/10.1145/2484313.2484375}, doi = {10.1145/2484313.2484375}, abstract = {Logic flaws are an important class of vulnerabilities within web applications, which allow sensitive information and restrictive operations to be accessed at inappropriate application states. In this paper, we take a first step towards a systematic black-box approach to identifying logic vulnerabilities within web applications. We first construct a partial FSM over the expected input domain by collecting and analyzing the execution traces when users follow the navigation paths within the web application. Then, we test the application at each state by constructing unexpected input vectors and evaluating corresponding web responses. We implement a prototype system LogicScope and demonstrate its effectiveness using a set of real world web applications.}, booktitle = {Proceedings of the 8th ACM SIGSAC Symposium on Information, Computer and Communications Security}, pages = {481–486}, numpages = {6}, keywords = {Web application security, logic vulnerability, finite state machine}, location = {Hangzhou, China}, series = {ASIA CCS ‘13} }