A formal approach to exploiting multi-stage attacks based on file-system vulnerabilities of web applications

Abstract

We propose a formal approach that allows one to (i) reason about file-system vulnerabilities of web applications and (ii) combine file-system vulnerabilities and SQL-Injection vulnerabilities for complex, multi-stage attacks. We have developed an automatic tool that implements our approach and we show its efficiency by discussing four real-world case studies, which are witness to the fact that our tool can generate, and exploit, attacks that, to the best of our knowledge, no other tool for the security of web applications can find.

Cite

de Meo, F., & Viganò, L. (2017). A formal approach to exploiting multi-stage attacks based on file-system vulnerabilities of web applications. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10379 LNCS, pp. 196–212). Springer Verlag. https://doi.org/10.1007/978-3-319-62105-0_13
