CFP last date
21 October 2024
Reseach Article

AnDeWA: An Approach for Analyzing and Detecting Work Flow Deviation Attacks in Web Applications

Published on February 2015 by Sireesha C, Jyostna G, Raghuvaran P, P R L Eswari
International Conference on Advances in Science and Technology
Foundation of Computer Science USA
ICAST2014 - Number 1
February 2015
Authors: Sireesha C, Jyostna G, Raghuvaran P, P R L Eswari
deaa0306-e1db-4b49-918f-0aa6f1b4165a

Sireesha C, Jyostna G, Raghuvaran P, P R L Eswari . AnDeWA: An Approach for Analyzing and Detecting Work Flow Deviation Attacks in Web Applications. International Conference on Advances in Science and Technology. ICAST2014, 1 (February 2015), 6-11.

@article{
author = { Sireesha C, Jyostna G, Raghuvaran P, P R L Eswari },
title = { AnDeWA: An Approach for Analyzing and Detecting Work Flow Deviation Attacks in Web Applications },
journal = { International Conference on Advances in Science and Technology },
issue_date = { February 2015 },
volume = { ICAST2014 },
number = { 1 },
month = { February },
year = { 2015 },
issn = 0975-8887,
pages = { 6-11 },
numpages = 6,
url = { /proceedings/icast2014/number1/19467-5004/ },
publisher = {Foundation of Computer Science (FCS), NY, USA},
address = {New York, USA}
}
%0 Proceeding Article
%1 International Conference on Advances in Science and Technology
%A Sireesha C
%A Jyostna G
%A Raghuvaran P
%A P R L Eswari
%T AnDeWA: An Approach for Analyzing and Detecting Work Flow Deviation Attacks in Web Applications
%J International Conference on Advances in Science and Technology
%@ 0975-8887
%V ICAST2014
%N 1
%P 6-11
%D 2015
%I International Journal of Computer Applications
Abstract

Workflow deviations in web application occur due to logical flaws left while designing, implementing and hosting the web application. It is really hard to find the workflow deviations in web applications without accessing the website database and the application sensitive information. In this paper, AnDeWA is presented as a lightweight approach for detecting the workflow deviations in web applications with the minimum prerequisites of users to role binding information. AnDeWA follows the dynamic analysis technique which analyzes the web application behavior at a run time to detect the workflow deviation attacks.

References
  1. Symantec- Internet Security Threat Report 2013 :: Volume 18
  2. http://www. security-audit. com/blog/owasp-top-10-2013/
  3. Alexander Roy Geoghegan, Natarajan Meghanathan*. "Cross Site Scripting (XSS)".
  4. Nenad Jovanovic, Engin Kirda, and Christopher Kruegel. "Preventing Cross Site Request Forgery Attacks".
  5. Bhavna C. K. Nathani Erwin Adi. Website Vulnerability to Session Fixation Attacks
  6. http://www. cs. utexas. edu/users/mckinley/papers/son-phd. pdf
  7. Dafydd Stuttard, Marcus Pinto. The Web Application Hacker's Handbook-Discovering and Exploiting Security Flaws.
  8. David K. Liefer,Steven K. Ziegler. "PHP Vulnerabilities in Web Servers".
  9. Marco Cova. Taming the Malicious Web: Avoiding and Detecting Web-based Attacks.
  10. Symantec. White Paper: Web Based Attacks,February 2009.
  11. Yao-Wen Huang, Fang Yu, Christian Hang, Chung-Hung Tsai, D. T. Lee , Sy-Yen Kuo. Securing Web Application Code by Static Analysis and Runtime Protection.
  12. N. Jovanovic, C. Kruegel, and E. Kirda. Pixy: A static analysis tool for detecting web application vulnerabilities (short paper)
  13. Johannes Dahse. RIPS - A static source code analyser for vulnerabilities in PHP scripts.
  14. Davide Balzarotti, Marco Cova, Viktoria V. Felmetsger, and Giovanni Vigna. Multi-Module Vulnerability Analysis of Web-based Applications.
  15. IBM Rational AppScan Standard -http://public. dhe. ibm. com/common/ssi/ecm/en/rad14019usen/RAD14019USEN. PDF
  16. Marco Cova, Davide Balzarotti, Viktoria Felmetsger, and Giovanni Vigna. Swaddler: An Approach for the Anomaly-based Detection of State Violations in Web Applications.
  17. Acunetix Web Vulnerability Scanner-http://www. acunetix. com.
  18. https://www. owasp. org/images/b/b0/Best_Practices_WAF_v105. en. pdf
  19. https://www. owasp. org/index. php/Category:OWASP_WebScarab_Project
  20. Jeff Heaton Web Spidering. http://www. developer. com/java/other/article. php/1573761/Programming-a-Spider-in-Java. htm
  21. http://www. searchenginejournal. com/best-firefox-addons-to-analyze-the-page-load-time/12419/
Index Terms

Computer Science
Information Sciences

Keywords

Authentication And Authorization Bypass Cross-site Scripting Session Hijacking Work Flow Analysis.