We propose a formal approach that allows one to (i) reason about file-system vulnerabilities of web applications and (ii) combine file-system vulnerabilities and SQL-Injection vulnerabilities for complex, multi-stage attacks. We have developed an automatic tool that implements our approach and we show its efficiency by discussing four real-world case studies, which are witness to the fact that our tool can generate, and exploit, attacks that, to the best of our knowledge, no other tool for the security of web applications can find.
de Meo, F., & Viganò, L. (2017). A formal approach to exploiting multi-stage attacks based on file-system vulnerabilities of web applications. In Lecture Notes in Computer Science (including subseries Lecture Notes in Artificial Intelligence and Lecture Notes in Bioinformatics) (Vol. 10379 LNCS, pp. 196–212). Springer Verlag. https://doi.org/10.1007/978-3-319-62105-0_13