Conference Proceedings

Chainsaw: Chained automated workflow-based exploit generation

Proceedings of the ACM Conference on Computer and Communications Security (2016) 24-28-October-2016 641-652
DOI: 10.1145/2976749.2978380
49Citations
Citations of this article
80Readers
Mendeley users who have this article in their library.
Get full text

Abstract

We tackle the problem of automated exploit generation for web applications. In this regard, we present an approach that significantly improves the state-of-art in web injection vulnerability identification and exploit generation. Our approach for exploit generation tackles various challenges associated with typical web application characteristics: their multi-module nature, interposed user input, and multi-tier architectures using a database backend. Our approach develops precise models of application workflows, database schemas, and native functions to achieve high quality exploit generation. We implemented our approach in a tool called Chainsaw. Chainsaw was used to analyze 9 open source applications and generated over 199 first- and second-order injection exploits combined, significantly outperforming several related approaches.

Author supplied keywords

Cite

CITATION STYLE

APA

Alhuzali, A., Eshete, B., Gjomemo, R., & Venkatakrishnan, V. N. (2016). Chainsaw: Chained automated workflow-based exploit generation. In Proceedings of the ACM Conference on Computer and Communications Security (Vol. 24-28-October-2016, pp. 641–652). Association for Computing Machinery. https://doi.org/10.1145/2976749.2978380

Register to see more suggestions

Mendeley helps you to discover research relevant for your work.

Already have an account?

Save time finding and organizing research with Mendeley

Sign up for free