A Hesitation Step into the BlackBox: Heuristic-Based Web Applications Reverse Engineering

Abstract: Automated black-box scanners alternately reverse-engineer and fuzz web applications to detect vulnerabilities. It is established that the knowledge they acquire about such applications plays a key role in their ability to exhibit vulnerabilities. In this talk, we adapt a method to automatically reverse-engineer web applications. Three heuristics drive this process. Empirical experiments show that our method obtains more precise knowledge of the application than state-of-the-art tools, and also increases vulnerability detection capability.
Document type: Conference paper
NSC 2013 - NoSuchCon Conference, May 2013, Paris, France. 2013

https://hal.inria.fr/hal-00853730
Contributor: Jean-Luc Richier
Submitted on: Monday, 26 August 2013 - 16:12:33
Last modified on: Thursday, 11 October 2018 - 08:48:04

Identifiers

  • HAL Id: hal-00853730, version 1

Citation

Fabien Duchene, Sanjay Rawat, Jean-Luc Richier, Roland Groz. A Hesitation Step into the BlackBox: Heuristic-Based Web Applications Reverse Engineering. NSC 2013 - NoSuchCon Conference, May 2013, Paris, France. 2013. 〈hal-00853730〉
