NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications

DOI: 10.1145/1866307.1866375. Authors: Prithvi Bisht, Timothy Hinrichs

Citations: 2
Web applications rely heavily on client-side computation to examine and validate form inputs that are supplied by a user (e.g., "credit card expiration date must be valid"). This is typically done for two reasons: to reduce burden on the server and to avoid latencies in communicating with the server. However, when a server fails to replicate the validation performed on the client, it is potentially vulnerable to attack. In this paper, we present a novel approach for automatically detecting potential server-side vulnerabilities of this kind in existing (legacy) web applications through blackbox analysis. We discuss the design and implementation of NoTamper, a tool that realizes this approach. NoTamper has been employed to discover several previously unknown vulnerabilities in a number of open-source web applications and live web sites.
    • ...There are two approaches which are close to our approach [13, 14] and which focus more generally on testing the input validation mechanisms [13] and on bypassing client side validation to discover parameter tampering attacks [14] using a similar approach...

    Tejeddine Mouelhi et al. Tailored Shielding and Bypass Testing of Web Applications

    • ...One example is that of business logic vulnerabilities, and our ongoing work [10] extends WEBAPPARMOR towards the direction of automatically detecting and preventing these vulnerabilities...

    V. N. Venkatakrishnan et al. WebAppArmor: A Framework for Robust Prevention of Attacks on Web Appli...
