
A Hybrid End-to-End Targeted Method for Web Application Vulnerability Detection and Assessment of Level of Protection through Catcher Simulation

IP.com Disclosure Number: IPCOM000247540D
Publication Date: 2016-Sep-14
Document File: 4 page(s) / 80K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed are techniques that offer a complete end-to-end method for application vulnerability assessment that is focused on use cases inducing vulnerabilities, detection of whether an application is already protected and gauging its level of protection, and automatic simulation of vulnerability Catchers to eliminate and minimize false positives.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 34% of the total text.


Despite a great deal of research and development surrounding the detection and prevention of web applications' vulnerabilities, exposures and susceptibility to web attacks remain commonplace. One reason for this is that tools detecting web application (App) vulnerabilities are not highly accurate in detection and lack both detailed semantics and end-to-end coverage of elements participating in vulnerability attacks. Another reason for continued vulnerability is that web attacks continuously change and evolve.

A method is needed to increase the level of accuracy and efficiency of detecting web application vulnerabilities.

The solution is a method driven in two dimensions. First, the solution is driven by the number of use cases leading to a particular vulnerability; the more use cases, the greater the need is to address vulnerability. Second, the solution is driven by the vulnerability type and hence the associated impact scope on the hosting systems and execution environment. These two criteria map out the criticality of the vulnerability, and hence guide the testing in the order of criticality and focused urgency.

The core ideas and methods described herein follow:

1. A method for the determination of Tainted Use Cases
2. A method for the development of the Tainted Use Cases to Sinks Bipartite graph and the use of the graph to focus/target assessment (the nodes' indegree and outdegree)
3. A method for a detailed determination of vulnerability semantics for each Tainted use case (detailed types of attacks)
4. A method that introduces a new participant element in the instantiation of a Web attack, called a Catcher
5. A method that uses the Catcher simulation in order to determine whether an application is protected and further gauge its degree and strength of protection against new and existing attacks, and eliminate (or at least minimize) false positives

The solution employs a hybrid method of static and dynamic analyses. The approach first applies static analysis to the application (usually to the source at development time, although nothing prevents applying the static analysis to the binary representation of the application, using the Pin tool, for instance).

The Bipartite Graph (Tainted Use Cases to Sinks)

During the static analysis, the method discovers all the source-tainting points (i.e., data items of the application input that are exploitable by malicious users). The method uses standard information flow tracking to determine the reachability of such input to a potential Sink in the application. Use cases that lead to vulnerabilities are then built from the tainted input. From the control code of the web App (controller in the Model-View-Controller (MVC) model), all the tainted use cases can be deduced by a simple rule: "any incoming request that contain...
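The two prioritization dimensions above (number of use cases reaching a sink, and the sink type's impact scope) can be read directly off the Tainted Use Cases to Sinks bipartite graph. The following is an added illustration, not code from the disclosure; the tainted flows and the per-sink impact weights are constructed sample values.

```python
# Added illustration (not from the disclosure): a toy Tainted Use Cases -> Sinks
# bipartite graph ranked along the two dimensions the text names: how many use
# cases reach a sink (its indegree) and the impact scope of the sink type.
from collections import defaultdict

# Constructed sample output of static taint tracking: (use_case, sink) pairs,
# one per request handler whose tainted input reaches the named sink.
TAINTED_FLOWS = [
    ("GET /search?q",       "sql_query"),
    ("POST /login",         "sql_query"),
    ("GET /profile?id",     "sql_query"),
    ("GET /profile?id",     "html_output"),
    ("POST /comment",       "html_output"),
    ("GET /export?file",    "file_path"),
    ("POST /admin/run?cmd", "os_command"),
]

# Assumed (hypothetical) impact weights per sink type; higher means a wider
# impact scope on the hosting system and execution environment.
SINK_IMPACT = {"os_command": 5, "sql_query": 4, "file_path": 3, "html_output": 2}

def build_bipartite(flows):
    """Return (use_case -> set of sinks, sink -> set of use cases)."""
    uc_out, sink_in = defaultdict(set), defaultdict(set)
    for uc, sink in flows:
        uc_out[uc].add(sink)
        sink_in[sink].add(uc)
    return dict(uc_out), dict(sink_in)

def outdegree(uc_out, uc):   # sinks reachable from one tainted use case
    return len(uc_out[uc])

def indegree(sink_in, sink):  # tainted use cases reaching one sink
    return len(sink_in[sink])

def rank_sinks(flows, impact=SINK_IMPACT):
    """Criticality = indegree * impact weight; most critical sink first,
    which is the order in which assessment should be focused."""
    _, sink_in = build_bipartite(flows)
    scored = [(len(ucs) * impact.get(s, 1), s) for s, ucs in sink_in.items()]
    return [s for _, s in sorted(scored, key=lambda t: (-t[0], t[1]))]

def rank_use_cases(flows, impact=SINK_IMPACT):
    """Use cases ordered by the summed impact of the sinks they reach."""
    uc_out, _ = build_bipartite(flows)
    scored = [(sum(impact.get(s, 1) for s in sinks), uc) for uc, sinks in uc_out.items()]
    return [uc for _, uc in sorted(scored, key=lambda t: (-t[0], t[1]))]

if __name__ == "__main__":
    print(rank_sinks(TAINTED_FLOWS))      # sql_query first: 3 use cases x weight 4
    print(rank_use_cases(TAINTED_FLOWS))  # /profile first: reaches two sinks
```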