Lehrstuhl für Informatik 4
1/161/2012 <Title> <Name LastName> Seminar in Computer Science
CRAXweb: Automatic Web Application Testing and Attack Generation [1]
Shih-Kun Huang, Han-Lin Lu, Wai-Meng Leong, Huan Liu
National Chiao Tung University
Presented by
Aung Thu Rha Hein
5536871
[1] "CRAXweb: Automatic Web Application Testing and Attack Generation", Software Security and Reliability (SERE), IEEE 7th International Conference, June 2013.
Outline
1. Introduction
2. Background
   - What is an exploit?
   - Dynamic analysis
   - Symbolic execution
3. CRAXweb: Automatic Web Application Testing and Attack Generation
4. Conclusions
5. References
Introduction: Motivation
● Software bugs are common, especially in web applications
● Some bugs are more harmful than others
● They are difficult to detect manually
● Static analysis confuses developers and produces false positives
● Manual testing is not effective
Introduction: Problem Statements
● Challenge: how to find exploits (e.g. injected shellcode) against a program
● Source code analysis alone is not enough
● Exploitable paths must be found among all of the program's execution paths
Introduction: Research Objectives
● To generate exploits for web applications automatically
Background: Exploits
What is an exploit?
● Exploit techniques vary with the operating system and architecture
● Types of exploits
  ● Stack overflow exploit
  ● Heap corruption exploit
  ● Format string attack
● Attack methodologies
  ● Remote exploit
  ● Local exploit
  ● Two-stage exploit
● Tools for writing exploits: LibExploit, Metasploit, CANVAS
Background: Exploits
Stack Overflow Exploit Example

#include <string.h>

/* Vulnerable on purpose: strcpy copies all of bar into the 12-byte
 * stack buffer c with no length check, so an argument longer than
 * 11 characters overwrites the saved frame pointer and return address
 * stored above c on the stack. */
void foo (char *bar)
{
    char c[12];
    strcpy(c, bar);      /* no bounds check: the overflow */
}

int main (int argc, char **argv)
{
    if (argc < 2)
        return 1;        /* argv[1] would be NULL otherwise */
    foo(argv[1]);        /* attacker-controlled command-line argument */
    return 0;
}
(figure: stack overflow exploit example, continued)
Background: Dynamic Analysis
Introduction
● Monitor the code as it executes
● The usefulness of dynamic analysis comes from two characteristics:
  ● Precision of information
  ● Dependence on program inputs
● Four common dynamic analysis techniques:
  ● Dynamic taint analysis
  ● Forward symbolic execution
  ● Frequency spectrum analysis
  ● Coverage concept analysis ...
Background: Dynamic Analysis
Dynamic Taint Analysis
● To hijack program execution, an attacker must overwrite values the program normally derives from a trusted source (return addresses, function pointers, format strings) with values derived from attacker input; taint analysis marks such attacker-derived values as tainted
● Taint analysis process
  1. Mark input data from untrusted sources as tainted
  2. Monitor program execution to track how tainted data propagates
  3. Check whether tainted data is used in a dangerous way (e.g. as a jump target or a format string)
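The three steps above, as an added example that is not from the slides, TaintCheck or the CRAXweb paper: a string-level taint tracker in Python. Untrusted request data is wrapped in a Tainted string type, taint follows it through the concatenations that build a SQL query, and the query sink refuses tainted data. TaintCheck tracks taint on bytes in the memory of a binary and checks sinks such as jump targets and format strings; this toy applies the same three steps at the string level, where a web application's SQL injection sink lives. The Tainted class, sanitize(), sql_sink(), lookup_user() and the sample payload are constructed for the example.

```python
# Added example (not from the slides, TaintCheck or CRAXweb): a minimal
# dynamic taint tracker for strings, showing the three steps on the
# slide: mark untrusted input, propagate taint, check it at a sink.


class Tainted(str):
    """A str that remembers it came from an untrusted source.
    Every string derived through these operations stays tainted."""

    def __add__(self, other):
        return Tainted(str.__add__(self, other))

    def __radd__(self, other):          # "prefix" + tainted
        return Tainted(str.__add__(other, self))

    def __getitem__(self, key):         # slicing keeps taint
        return Tainted(str.__getitem__(self, key))

    def replace(self, old, new, count=-1):
        return Tainted(str.replace(self, old, new, count))

    def upper(self):
        return Tainted(str.upper(self))

    def strip(self, chars=None):
        return Tainted(str.strip(self, chars))


def is_tainted(value):
    return isinstance(value, Tainted)


def taint_source(raw):
    """Step 1: data arriving from an untrusted source is marked tainted."""
    return Tainted(raw)


class TaintViolation(Exception):
    pass


def sql_sink(query):
    """Step 3: a dangerous sink. Refuses tainted data instead of executing."""
    if is_tainted(query):
        raise TaintViolation("tainted data reached SQL sink: %r" % str(query))
    return "executed: " + query


def sanitize(value):
    """The only way to drop taint: an explicit sanitizer that returns a
    plain str. Doubling single quotes is an assumption of this toy;
    real escaping depends on the database driver."""
    return str(value).replace("'", "''")


def lookup_user(untrusted_name, sanitized=False):
    """Step 2: taint propagates through the operations that build the
    query, so the sink sees whether attacker bytes ended up in it."""
    name = taint_source(untrusted_name)
    if sanitized:
        name = sanitize(name)
    query = "SELECT * FROM users WHERE name = '" + name + "'"
    return sql_sink(query)


def run_demo():
    # Constructed sample input: a classic injection payload.
    payload = "' OR '1'='1"
    results = {}
    try:
        lookup_user(payload)
        results["unsanitized"] = "allowed"
    except TaintViolation:
        results["unsanitized"] = "blocked"
    results["sanitized"] = lookup_user(payload, sanitized=True)
    return results
```

Because Tainted is a subclass of str that overrides __radd__, Python calls it even when the plain string is on the left of the +, which is what keeps taint alive through the query's prefix. Anything the tracker does not override (for example "%" formatting or "".join) would silently launder taint; a real tracker instruments those paths too.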
Dynamic Taint Analysis: attack detected using TaintCheck (figure)
Background: Dynamic Analysis
Symbolic Execution
● Key idea: generalize testing by evaluating the program on unknown symbolic variables instead of concrete values
  ● int f(1, 2) becomes int f(α1, α2)
● Symbolic variables may also appear in assertions
  ● y = α; assert(f(y) == 2*y-1);
● When the execution path depends on an unknown, conceptually fork the symbolic executor, one copy per branch outcome
  ● int f(int x) { if (x > 0) return 2*x - 1; else return 10; }
Symbolic Execution Example (figure)
Background: Dynamic Analysis
Symbolic Execution: Purpose
● Is a particular program point reachable?
● Is an array access a[i] out of bounds?
● Generate concrete inputs that execute the same paths
● Path constraints are discharged with constraint solvers, e.g. Z3, Yices, STP
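An added example (not from the slides, KLEE or S2E) that carries the slide's f(x) through a toy symbolic executor: branch conditions become constraints on the symbolic input, both outcomes of each branch are explored (the fork), a bounded brute-force search stands in for a solver such as STP or Z3 to produce a concrete input per path, and the slide's assertion f(y) == 2*y-1 is checked on each path's concrete input. The Sym, SymbolicExecutor and solve() names are this example's own.

```python
import itertools

# Added example, not from the slides or from KLEE/S2E: a toy symbolic
# executor for the slide's f(x). Each branch condition becomes a
# constraint, both outcomes are explored, and a solver turns each
# path's constraints into a concrete input.

OPS = {
    "*": lambda a, b: a * b,
    "-": lambda a, b: a - b,
    ">": lambda a, b: a > b,
}


class Sym:
    """Symbolic integer expression: a variable or an operator tree.
    Arithmetic on a Sym builds a bigger tree instead of computing."""

    def __init__(self, op, *args):
        self.op, self.args = op, args

    def __mul__(self, o):  return Sym("*", self, o)
    def __rmul__(self, o): return Sym("*", o, self)
    def __sub__(self, o):  return Sym("-", self, o)
    def __rsub__(self, o): return Sym("-", o, self)
    def __gt__(self, o):   return Sym(">", self, o)

    def __repr__(self):
        if self.op == "var":
            return self.args[0]
        return "(%r %s %r)" % (self.args[0], self.op, self.args[1])


def evaluate(expr, env):
    """Concretely evaluate an expression under the assignment env."""
    if not isinstance(expr, Sym):
        return expr
    if expr.op == "var":
        return env[expr.args[0]]
    return OPS[expr.op](*(evaluate(a, env) for a in expr.args))


def solve(constraints, names, domain):
    """Stand-in for STP/Z3: bounded brute force over a small integer
    domain. Returns an assignment satisfying every (cond, taken) pair,
    or None if the path is infeasible within the domain."""
    for values in itertools.product(domain, repeat=len(names)):
        env = dict(zip(names, values))
        if all(bool(evaluate(c, env)) == taken for c, taken in constraints):
            return env
    return None


class SymbolicExecutor:
    """Runs program(executor, *symbolic_args) once per path. A path is
    its sequence of branch decisions; each run replays a decision prefix
    and takes the True side of every later branch."""

    def __init__(self, program, names, domain=range(-5, 6)):
        self.program, self.names, self.domain = program, names, domain

    def branch(self, cond):
        taken = self._prefix[self._i] if self._i < len(self._prefix) else True
        self._i += 1
        self._constraints.append((cond, taken))   # path constraint
        return taken

    def run(self, prefix):
        self._prefix, self._i, self._constraints = prefix, 0, []
        result = self.program(self, *[Sym("var", n) for n in self.names])
        return result, self._constraints

    def explore(self):
        """Fork: after each run, flip every decision the prefix did not force."""
        worklist, seen, paths = [[]], set(), []
        while worklist:
            prefix = worklist.pop()
            result, constraints = self.run(prefix)
            decisions = tuple(t for _, t in constraints)
            if decisions in seen:
                continue
            seen.add(decisions)
            model = solve(constraints, self.names, self.domain)
            paths.append({"decisions": decisions, "constraints": constraints,
                          "result": result, "model": model})
            if model is None:
                continue            # infeasible path: do not fork from it
            for k in range(len(prefix), len(decisions)):
                worklist.append(list(decisions[:k]) + [not decisions[k]])
        return paths


def f(ex, x):
    """The slide's function, with its branch routed through the executor."""
    if ex.branch(x > 0):
        return 2 * x - 1
    return 10


def explore_f():
    """One entry per feasible path, each with a concrete input for it."""
    return [p for p in SymbolicExecutor(f, ["x"]).explore() if p["model"] is not None]


def assertion_violations():
    """The slide's check y = α; assert(f(y) == 2*y - 1): evaluate each
    path's result on that path's concrete input and report failures."""
    bad = []
    for p in explore_f():
        y = p["model"]["x"]
        if evaluate(p["result"], p["model"]) != 2 * y - 1:
            bad.append(p["model"])
    return bad
```

explore_f() returns two paths: x > 0 with result 2*x - 1 and a concrete witness x = 1, and x <= 0 with result 10 and a witness x = -5. The assertion holds on the first path and fails on the second, which is exactly the kind of concrete failing input symbolic execution is meant to hand back. The brute-force solve() is where a real tool plugs in STP or Z3; the path exploration around it is the same.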
Background: Dynamic Analysis
Symbolic Execution: Limitations
● Scalability: the number of execution paths grows exponentially with the number of branches (path explosion)
● Source code, or an equivalent representation, is required
● Limitations of constraint solving: non-linear and very complex constraints cannot be handled
Research Paper: CRAXweb: Automatic Web Application Testing and Attack Generation
Overview of CRAXweb
● Implements automatic exploit generation (AEG) for large-scale web applications
● Focuses on XSS and SQL injection attacks
● Based on symbolic sockets, i.e. symbolic execution with the network input made symbolic
● Single-path concolic mode is used to reduce path explosion
● Selective Symbolic Execution (S2E) provides the ability to execute only a selected part of the program symbolically
● Simple Theorem Prover (STP) as the constraint solver
● Acunetix as the web crawler
Exploit Generation: Constraint Solving
● Generate test cases and exploits by solving constraints
● x: the exploit, i.e. the request input to be found
● f(x): the symbolic response (or SQL query) the application computes from x; the constraint f(x) = expected attack script is handed to the solver, and its solution for x is the concrete exploit
Single-Path Concolic Mode
● Reduces the overhead caused by symbolic execution
● Explores one path at a time: the concrete request decides which path is followed, and only the input bytes are symbolic along that path
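The constraint f(x) = attack script and the single-path concolic mode, as an added example in Python that is not the CRAXweb implementation (which runs the real PHP interpreter under S2E and solves string constraints with STP). A hypothetical PHP-like handler hello_php() is run once on a concrete seed; that run fixes one path, records its branch outcome as a path constraint on the parameter, and leaves a symbolic response made of concrete pieces plus the parameter marker. solve_contains() then finds the shortest parameter value that makes the response contain the attack script while the path constraint still holds, and the exploit is verified by replaying it concretely. The attack pattern starts with "> so that the injected script closes the attribute it lands in. SymStr, ConcolicRun, hello_php and the attack string are constructed for the example.

```python
import urllib.parse

# Added example, not code from the CRAXweb paper: a toy version of the
# slide's constraint f(x) = attack script, run in single-path concolic
# mode against a hypothetical PHP-like handler.


class SymStr:
    """Concolic string: a concrete value for running the path, plus the
    symbolic segment list (plain str pieces and ("var", name) markers)."""

    def __init__(self, concrete, segments):
        self.concrete, self.segments = concrete, list(segments)

    def __add__(self, other):
        o = other if isinstance(other, SymStr) else SymStr(other, [other])
        return SymStr(self.concrete + o.concrete, self.segments + o.segments)

    def __radd__(self, other):          # plain str + SymStr
        return SymStr(other, [other]) + self


class ConcolicRun:
    """Records the branch outcomes (path constraints) of one concrete run."""

    def __init__(self):
        self.constraints = []

    def param(self, name, seed):
        return SymStr(seed, [("var", name)])

    def len_gt(self, s, bound):
        """strlen($s) > bound, decided on the concrete value and recorded."""
        taken = len(s.concrete) > bound
        self.constraints.append(("len_gt", bound, taken))
        return taken


def hello_php(ex, get, limit=32):
    """Hypothetical vulnerable page, roughly:
       if (strlen($_GET['name']) > 32) die('Name too long');
       echo '<input name="name" value="' . $_GET['name'] . '">';"""
    name = get["name"]
    if ex.len_gt(name, limit):
        return "<html><body>Name too long</body></html>"
    return ('<html><body><form><input name="name" value="' + name +
            '"></form></body></html>')


def satisfies(value, constraints):
    return all((len(value) > b) == taken for _, b, taken in constraints)


def solve_contains(segments, var, attack, constraints):
    """Solve prefix + x + suffix contains attack for the shortest x that
    also satisfies the path constraints. The attack may overlap the
    concrete prefix or suffix, so x can be shorter than the attack."""
    if segments.count(var) != 1:
        return None            # this toy handles one echo of the parameter
    i = segments.index(var)
    prefix, suffix = "".join(segments[:i]), "".join(segments[i + 1:])
    best = None
    for a in range(len(attack) + 1):                # chars supplied by prefix
        if not prefix.endswith(attack[:a]):
            continue
        for c in range(len(attack) - a + 1):        # chars supplied by suffix
            if not suffix.startswith(attack[len(attack) - c:]):
                continue
            x = attack[a:len(attack) - c]
            if satisfies(x, constraints) and (best is None or len(x) < len(best)):
                best = x
    return best


def generate_xss_exploit(handler, attack, seed="alice", param="name"):
    run = ConcolicRun()                              # 1. one concrete run
    resp = handler(run, {param: run.param(param, seed)})
    segments = resp.segments if isinstance(resp, SymStr) else [resp]
    value = solve_contains(segments, ("var", param), attack, run.constraints)
    if value is None:                                # 2. solve f(x) = attack
        return None
    rerun = ConcolicRun()                            # 3. verify by replay
    replay = handler(rerun, {param: rerun.param(param, value)})
    html = replay.concrete if isinstance(replay, SymStr) else replay
    return {"value": value,
            "request": "GET /hello.php?%s=%s" % (param, urllib.parse.quote(value)),
            "verified": attack in html}
```

For the attack "><script>alert(1)</script> the solver notices that the response's concrete prefix already ends in the quote, so the generated value is ><script>alert(1)</script>, one character shorter than the pattern, and it is confirmed by the replay. With the length limit lowered to 16 the same path cannot carry the pattern (26 characters) and generate_xss_exploit() returns None; a tool would then try a shorter attack pattern or another path rather than report an exploit it could not solve for.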
Flow diagram of the automatic process (figure)
Implementation: Symbolic Socket
● S2E as the symbolic environment (figure)
Implementation: Architecture
● Overall architecture of the automatic exploit generator (figure)
Implementation: Symbolic Response and Query Handler
● From web crawler to symbolic request (figure)
● From symbolic response or query to exploit generator (figure)
Implementation: Exploit Generation (figure)
● Algorithm to solve the exploit constraint (figure)
Results: Experiment Environment
● Host OS: Ubuntu 10.10
● Guest environment: emulated by QEMU
● QEMU hosted Debian 5.0.7 and Windows XP
● Software: S2E 1.0, with MySQL as the database
Results: Evaluation on different platforms (table)
Results: Evaluation of Exploit Generation
● With test cases from Ardilla (table)
● With real-world applications (table)
Related Works (table)
Conclusions
● Automatic exploit generation is possible for web applications
● CRAXweb uses
  ● symbolic execution
  ● concolic testing
● However, there is still room for development:
  ● more exploit types
  ● integration with a browser
References
[1] Shih-Kun Huang, Han-Lin Lu, Wai-Meng Leong, Huan Liu, "CRAXweb: Automatic Web Application Testing and Attack Generation", Software Security and Reliability (SERE), 2013 IEEE 7th International Conference, June 2013.
[2] Shih-Kun Huang, Min-Hsiang Huang, Po-Yen Huang, Chung-Wei Lai, Han-Lin Lu, Wai-Meng Leong, "CRAX: Software Crash Analysis for Automatic Exploit Generation by Modeling Attacks as Symbolic Continuations", Software Security and Reliability (SERE), 2012 IEEE 6th International Conference, June 2012.
[3] Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, David Brumley, "AEG: Automatic Exploit Generation", Network and Distributed System Security Symposium (NDSS), February 2011.
[4] James Newsome, Dawn Song, "Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software", Network and Distributed System Security Symposium (NDSS), 2005.
[5] Cristian Cadar, Daniel Dunbar, Dawson Engler, "KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs", USENIX Symposium on Operating Systems Design and Implementation (OSDI), December 2008.

Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Orbitshub
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...apidays
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Angeliki Cooney
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 

Kürzlich hochgeladen (20)

"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
Modular Monolith - a Practical Alternative to Microservices @ Devoxx UK 2024
 
Artificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : UncertaintyArtificial Intelligence Chap.5 : Uncertainty
Artificial Intelligence Chap.5 : Uncertainty
 
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
Apidays New York 2024 - APIs in 2030: The Risk of Technological Sleepwalk by ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 AmsterdamDEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
DEV meet-up UiPath Document Understanding May 7 2024 Amsterdam
 
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
+971581248768>> SAFE AND ORIGINAL ABORTION PILLS FOR SALE IN DUBAI AND ABUDHA...
 
Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...Apidays New York 2024 - The value of a flexible API Management solution for O...
Apidays New York 2024 - The value of a flexible API Management solution for O...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
Web Form Automation for Bonterra Impact Management (fka Social Solutions Apri...
 
Exploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with MilvusExploring Multimodal Embeddings with Milvus
Exploring Multimodal Embeddings with Milvus
 
FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024FWD Group - Insurer Innovation Award 2024
FWD Group - Insurer Innovation Award 2024
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
Navigating the Deluge_ Dubai Floods and the Resilience of Dubai International...
 
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
Apidays New York 2024 - Passkeys: Developing APIs to enable passwordless auth...
 
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
Biography Of Angeliki Cooney | Senior Vice President Life Sciences | Albany, ...
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 

CRAXweb: Automatic Exploit Generation for Web Applications

  • 1. Lehrstuhl für Informatik 4 1/161/2012 <Title> <Name LastName> Seminar in Computer Science
    CRAXweb: Automatic Web Application Testing and Attack Generation¹
    Shih-Kun Huang, Han-Lin Lu, Wai-Meng Leong, Huan Liu
    National Chiao Tung University
    Presented by Aung Thu Rha Hein, 5536871
    ¹ "CRAXweb: Automatic Web Application Testing and Attack Generation", Software Security and Reliability (SERE), IEEE 7th International Conference, June 2013.
  • 2. Outline
    1. Introduction
    2. Background
       - What is an exploit?
       - Dynamic Analysis
       - Symbolic Execution
    3. CRAXweb: Automatic Web Application Testing and Attack Generation
    4. Conclusions
    5. References
  • 3. Introduction: Motivation
    ● Software bugs are common
    ● Especially in web applications
    ● Some bugs are more harmful than others
    ● They are difficult to detect manually
    ● Static analysis confuses developers and produces false positives
    ● Manual testing is not effective
  • 4. Introduction: Problem Statements
    ● Challenge
      ● How to find exploits and shellcode for the program
      ● Source code analysis alone is not enough
      ● Finding the exploitable paths among all program execution paths
  • 5. Introduction: Research Objectives
    ● To generate exploits for web applications
  • 6. Background: Exploits - What is an exploit?
    ● Exploit techniques vary with the OS and architecture
    ● Types of exploits
      ● Stack overflow exploit
      ● Heap corruption exploit
      ● Format string attack
    ● Attack methodologies
      ● Remote exploit
      ● Local exploit
      ● Two-stage exploit
    ● Tools for writing exploits: LibExploit, Metasploit, CANVAS
  • 7. Background: Exploits - Stack Overflow Exploit Example

        #include <string.h>

        /* Deliberately vulnerable example from the slide: an attacker-controlled
           string is copied into a 12-byte stack buffer with no length check,
           so a long argument overwrites the saved frame data above c[]. */
        void foo(char *bar)
        {
            char c[12];
            strcpy(c, bar);
        }

        int main(int argc, char **argv)
        {
            if (argc < 2)
                return 1;       /* avoid passing a NULL argv[1] */
            foo(argv[1]);
            return 0;
        }

  • 8. Background: Exploits - Stack Overflow Exploit Example
  • 9. Background: Dynamic analysis - Introduction
    ● Monitor code as it executes
    ● Usefulness of dynamic analysis
      ● Precision of information
      ● Dependence on program inputs
    ● Four common dynamic analysis techniques:
      ● Dynamic taint analysis
      ● Forward symbolic execution
      ● Frequency spectrum analysis
      ● Coverage concept analysis
      ...
  • 10. Background: Dynamic analysis - Dynamic Taint Analysis
    ● To exploit program execution, attackers
      ● target values that the program expects to come from a trusted source
      ● overwrite these values with tainted (attacker-controlled) data
    ● Taint analysis process
      1. Mark input data from untrusted sources as tainted
      2. Monitor program execution to track how the tainted data propagates
      3. Check when tainted data is used in dangerous ways
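As an added illustration of the three-step process above (this is not code from the slides or from CRAXweb), a toy dynamic taint tracker in Python: the constructed request parameters are the untrusted source, string concatenation propagates the taint, and a SQL query and an HTML fragment are the dangerous sinks; the allowlist validator `validate_name` is an assumed sanitizer that declassifies a value.

```python
import re

# Added example (not from the slides or CRAXweb): a toy dynamic taint tracker
# implementing the three steps on the slide. Sample requests are constructed.


class Tainted(str):
    """A str subclass that carries a taint flag and the untrusted source name."""

    def __new__(cls, value, source):
        obj = super().__new__(cls, value)
        obj.source = source
        return obj

    # Step 2: propagation. Strings derived from tainted data stay tainted.
    # (Only '+' is instrumented here; a real tracker hooks every operation.)
    def __add__(self, other):
        return Tainted(str(self) + str(other), self.source)

    def __radd__(self, other):
        return Tainted(str(other) + str(self), self.source)


class TaintViolation(Exception):
    """Raised when tainted data reaches a dangerous sink (step 3)."""


def read_params(request):
    """Step 1: mark every request parameter as tainted, remembering its origin."""
    return {k: Tainted(v, "param:" + k) for k, v in request.items()}


def check_sink(sink_name, data):
    """Step 3: refuse tainted data at SQL and HTML sinks."""
    if isinstance(data, Tainted):
        raise TaintViolation(sink_name + " received tainted data from " + data.source)
    return data


def validate_name(value):
    """Assumed sanitizer: allowlist validation; a value that passes is returned as a plain (untainted) str."""
    if not re.fullmatch(r"[A-Za-z0-9_]{1,32}", value):
        raise ValueError("rejected name: " + repr(str(value)))
    return str(value)


def handle_request(request, validate):
    """Simulate a request handler; returns the list of taint violations found."""
    name = read_params(request)["name"]
    if validate:
        name = validate_name(name)
    query = "SELECT * FROM users WHERE name = '" + name + "'"
    page = "<p>Hello " + name + "</p>"
    findings = []
    for sink_name, data in (("sql", query), ("html", page)):
        try:
            check_sink(sink_name, data)
        except TaintViolation as exc:
            findings.append(str(exc))
    return findings


if __name__ == "__main__":
    print(handle_request({"name": "alice"}, validate=False))  # two violations
    print(handle_request({"name": "alice"}, validate=True))   # []
```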
  • 11. Background: Dynamic analysis - Dynamic Taint Analysis
    Attack detected using TaintCheck
  • 12. Background: Dynamic analysis - Symbolic Execution
    ● Key idea: generalize testing by using unknown symbolic variables in evaluation
      ● Instead of the concrete call f(1, 2), evaluate f(α1, α2)
    ● Allows unknown symbolic variables in evaluation
      ● y = α; assert(f(y) == 2*y - 1);
    ● If the execution path depends on an unknown, conceptually fork the symbolic executor
      ● int f(int x) { if (x > 0) return 2*x - 1; else return 10; }
  • 13. Background: Dynamic analysis - Symbolic Execution Example
  • 14. Background: Dynamic analysis - Symbolic Execution: Purpose
    ● E.g. Are particular program points reachable?
    ● E.g. Is the array access a[i] out of bounds?
    ● E.g. Generate concrete inputs that execute the same paths
      ● With constraint solvers, e.g. Z3, Yices, STP
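As an added example (not from the slides or the paper), a minimal symbolic executor in Python for the slide's f(x): it records the path condition at each branch on the symbolic input alpha, conceptually forks by re-running with that decision flipped, and generates one concrete input per path; the bounded search in `solve` is an assumed stand-in for a real solver such as STP or Z3.

```python
# Added example (not from the slides or CRAXweb): a tiny symbolic executor for the slide's f(x); it
# forks at each branch on the symbolic input alpha and uses a bounded brute-force search in place
# of a real constraint solver such as STP or Z3. Only the operators f(x) needs are implemented.

class Sym:
    """Symbolic integer expression: printable text plus an evaluator fn for a concrete alpha."""
    def __init__(self, explorer, text, fn):
        self.explorer, self.text, self.fn = explorer, text, fn
    def _bin(self, op, other, pyop, reverse=False):
        o = other if isinstance(other, Sym) else Sym(self.explorer, str(other), lambda x, c=other: c)
        a, b = (o, self) if reverse else (self, o)
        return Sym(self.explorer, f"({a.text} {op} {b.text})", lambda x: pyop(a.fn(x), b.fn(x)))
    def __rmul__(self, other):
        return self._bin("*", other, lambda p, q: p * q, reverse=True)
    def __sub__(self, other):
        return self._bin("-", other, lambda p, q: p - q)
    def __gt__(self, other):  # a branch on symbolic data: the explorer decides and records it
        return self.explorer.branch(self._bin(">", other, lambda p, q: p > q))

class Explorer:
    """Enumerates execution paths by re-running the program with flipped branch decisions."""
    def __init__(self, program):
        self.program = program
    def branch(self, cond):
        k = len(self.trace)
        taken = self.prefix[k] if k < len(self.prefix) else True
        self.trace.append(taken)
        self.conditions.append(cond if taken else Sym(self, f"not {cond.text}", lambda x: not cond.fn(x)))
        return taken
    def explore(self):
        paths, worklist = [], [[]]
        while worklist:
            self.prefix, self.trace, self.conditions = worklist.pop(), [], []
            result = self.program(Sym(self, "alpha", lambda x: x))
            paths.append((self.conditions, result))
            for i in range(len(self.prefix), len(self.trace)):  # conceptual fork at each new branch
                worklist.append(self.trace[:i] + [not self.trace[i]])
        return paths

def solve(conditions, bound=1000):
    """Solver stand-in: smallest-magnitude alpha in [-bound, bound] satisfying every condition."""
    for x in sorted(range(-bound, bound + 1), key=abs):
        if all(c.fn(x) for c in conditions):
            return x
    return None  # no model within the bound: treat the path as infeasible

def f(x):
    """The slide's function: int f(int x) { if (x > 0) return 2*x - 1; else return 10; }"""
    if x > 0:
        return 2 * x - 1
    return 10

def generate_tests(program=f):
    """(path condition, concrete input, concrete result) for every explored path of program."""
    tests = []
    for conds, result in Explorer(program).explore():
        x = solve(conds)
        value = None if x is None else (result.fn(x) if isinstance(result, Sym) else result)
        tests.append((" and ".join(c.text for c in conds), x, value))
    return tests

def assertion_counterexample():  # the slide's assert(f(y) == 2*y - 1), checked on every path
    for _, x, value in generate_tests():
        if x is not None and value != 2 * x - 1:
            return x
    return None
```

Running `generate_tests()` yields one concrete input per path, and `assertion_counterexample()` shows that the assert on the slide fails on the else-path, where f returns 10 instead of 2*y - 1.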
  • 15. Background: Dynamic analysis - Symbolic Execution Limitations
    ● Scalability issue when the number of execution paths is large
    ● Source code, or an equivalent, is required
    ● Limitations in solving constraints
      ● Cannot handle non-linear and very complex constraints
  • 16. Research Paper
    CRAXweb: Automatic Web Application Testing and Attack Generation
  • 17. Research Paper - Overview of CRAXweb
    ● Implements AEG (automatic exploit generation) for large-scale web applications
    ● Focuses on XSS and SQLi attacks
    ● Based on a symbolic socket and symbolic execution
    ● Single-path concolic mode is used to reduce path explosion
    ● Selective Symbolic Execution (S2E)
      ● Provides the ability to execute a specific part of the program symbolically
    ● Simple Theorem Prover (STP) as the constraint solver
    ● Acunetix as the web crawler
  • 18. Research Paper - Exploit Generation: Constraint Solving
    ● Generate test cases and exploits
  • 19. Research Paper - Exploit Generation: Constraint Solving
    x: the exploit; f(x): the expected attack script
  • 20. Research Paper - Single Path Concolic Mode
    ● To reduce the overhead caused by symbolic execution
    ● Explore one path at a time
  • 21. Research Paper
    Flow diagram of the automatic process
  • 22. Research Paper - Implementation: Symbolic Socket
    ● S2E as the symbolic environment
  • 23. Research Paper - Implementation: Architecture
    ● Overall architecture of the automatic exploit generator
  • 24. Research Paper - Implementation: Symbolic Response and Query Handler
    ● From the web crawler to the symbolic request
  • 25. Research Paper - Implementation: Symbolic Response and Query Handler
    ● From the symbolic response or query to the exploit generator
  • 26. Research Paper - Implementation: Exploit Generation
  • 27. Research Paper - Implementation: Exploit Generation
    ● Algorithm to solve the exploit constraint
  • 28. Research Paper - Results: Experiment Environment
    ● Host OS: Ubuntu 10.10
    ● Guest environment: emulated by QEMU
    ● QEMU-hosted Debian 5.07 and Windows XP
    ● Software: S2E 1.0, and MySQL as the database handler
  • 29. Research Paper - Results: Evaluation for different platforms
  • 30. Research Paper - Results: Evaluation for Exploit Generation
    ● With test cases from Ardilla
  • 31. Research Paper - Results: Evaluation for Exploit Generation
    ● With test cases from Ardilla
  • 32. Research Paper - Results: Evaluation for Exploit Generation
    ● With real-world applications
  • 33. Research Paper - Results: Related works
  • 34. Conclusions
    ● AEG is possible for web applications
    ● CRAXweb uses
      ● Symbolic execution
      ● Concolic testing
    ● However, there is still room for development
      ● for more exploit types
      ● for integration with the browser
  • 35. References
    Shih-Kun Huang, Han-Lin Lu, Wai-Meng Leong, Huan Liu, "CRAXweb: Automatic Web Application Testing and Attack Generation", Software Security and Reliability (SERE), IEEE 7th International Conference, June 2013
    Shih-Kun Huang, Min-Hsiang Huang, Po-Yen Huang, Chung-Wei Lai, Han-Lin Lu, Wai-Meng Leong, "CRAX: Software Crash Analysis for Automatic Exploit Generation by Modeling Attacks as Symbolic Continuations", Software Security and Reliability (SERE), IEEE Sixth International Conference, June 2012
    Thanassis Avgerinos, Sang Kil Cha, Brent Lim Tze Hao, David Brumley, "AEG: Automatic Exploit Generation", Network and Distributed System Security Symposium, Feb 2012
  • 36. References
    James Newsome, Dawn Song, "Dynamic Taint Analysis for Automatic Detection, Analysis, and Signature Generation of Exploits on Commodity Software", Network and Distributed System Security Symposium, 2005
    Cristian Cadar, Daniel Dunbar, Dawson Engler, "KLEE: Unassisted and Automatic Generation of High-Coverage Tests for Complex Systems Programs", USENIX Symposium on Operating Systems Design and Implementation, December 2008