
AnDeWA: An Approach for Analyzing and Detecting Work Flow Deviation Attacks in Web Applications

IJCA Proceedings on International Conference on Advances in Science and Technology
© 2015 by IJCA Journal
ICAST 2014 - Number 1
Year of Publication: 2015
Authors:
Sireesha C
Jyostna G
Raghuvaran P
P R L Eswari

Sireesha C, Jyostna G, Raghuvaran P and P R L Eswari. Article: AnDeWA: An Approach for Analyzing and Detecting Work Flow Deviation Attacks in Web Applications. IJCA Proceedings on International Conference on Advances in Science and Technology ICAST 2014(1):6-11, February 2015. Full text available. BibTeX

@article{key:article,
	author = {Sireesha C and Jyostna G and Raghuvaran P and P R L Eswari},
	title = {Article: AnDeWA: An Approach for Analyzing and Detecting Work Flow Deviation Attacks in Web Applications},
	journal = {IJCA Proceedings on International Conference on Advances in Science and Technology},
	year = {2015},
	volume = {ICAST 2014},
	number = {1},
	pages = {6-11},
	month = {February},
	note = {Full text available}
}

Abstract

Workflow deviations in web applications occur due to logical flaws left behind while designing, implementing and hosting the web application. It is hard to find workflow deviations in web applications without access to the website database and the application's sensitive information. In this paper, AnDeWA is presented as a lightweight approach for detecting workflow deviations in web applications, with the minimum prerequisite of user-to-role binding information. AnDeWA follows a dynamic analysis technique, which analyzes the web application's behavior at run time to detect workflow deviation attacks.
