Conference Topic

Automatic Detection of Page Flow Defect in Web Application

This paper introduces an automatic detection method for page flow defects in Web applications. It first detects potential vulnerabilities within the pages, extracting state views and diversion information at the same time. Inter-page analysis then uses the views and diversion information to construct a flow diagram of views, which is the state transition graph of the Web application, and detects whether there exists an available diversion between views that is not shown in the diagram. We call such an illegal diversion a page flow defect. We also illustrate the effectiveness of this method on a simple Web application. The method not only detects vulnerabilities in the pages, but also considers state transitions between pages and detects page flow defects by a modeling approach.

web application; vulnerability detection; tainted analysis; state view; inter-page analysis

Jinding Wang, Fan Jiang

School of Computer, USTC, Hefei 230027, P.R. China

International conference

2009 International Conference on Information, Electronic and Computer Science (2009 国际信息、电子与计算机工程学术会议)

Qingdao

English

91-95

2009-11-21 (date first made available online on the Wanfang platform; this is not the paper's publication date)