Requirements for preventing logic flaws in the authentication procedure of web applications

Abstract : Ensuring the security is one of the most daunting challenges that web applications are facing nowadays. Authentication and authorization are two main security fields that web applications must consider to be protected against unauthorized accesses. Various approaches that detect well-known vulnerabilities and flaws exist. However, these approaches mainly focus on detecting input validation flaws. Another kind of flaws that affect web applications are logic flaws, but they lack of considerations. This paper proposes an approach that helps to considering logic flaws in the context of web applications. The goal of the proposal is to strengthen the authentication procedure of web applications and thus enforce the security early in the design phase. We conducted an empirical study in nine well-known web-based applications to demonstrate that logic flaws may put at risk the authentication procedure. The results showed that logic flaws may be either caused by security issues or usability issues. To overcome such flaws, we provide ten relevant requirements that should be followed in the design of an authentication procedure.
Document type :
Conference papers
Complete list of metadatas

https://hal.inria.fr/hal-02087663
Contributor : Arnaud Blouin <>
Submitted on : Tuesday, April 2, 2019 - 1:03:18 PM
Last modification on : Friday, April 12, 2019 - 1:32:14 AM

File

main.pdf
Files produced by the author(s)

Identifiers

Citation

Youssou Ndiaye, Olivier Barais, Arnaud Blouin, Ahmed Bouabdallah, Nicolas Aillery. Requirements for preventing logic flaws in the authentication procedure of web applications. SAC 2019 - 34th ACM/SIGAPP Symposium On Applied Computing, Apr 2019, Limassol, Cyprus. pp.1-9, ⟨10.1145/3297280.3297438⟩. ⟨hal-02087663⟩

Share

Metrics

Record views

102

Files downloads

138