A formal and automated approach to exploiting multi-stage attacks of web applications

Article type: Research Article

Authors: De Meo, Federico^a | Viganò, Luca^{b; *}

Affiliations: [a] Dipartimento di Informatica, Università di Verona, Italy. E-mail: research@demeo.eu | [b] Department of Informatics, King’s College London, United Kingdom. E-mail: luca.vigano@kcl.ac.uk

Correspondence: [*] Corresponding author. E-mail: luca.vigano@kcl.ac.uk.

Abstract: We propose a formal and automated approach that allows one to (i) reason about vulnerabilities of web applications and (ii) combine multiple vulnerabilities for the identification of complex, multi-stage attacks. We have developed WAFEx, an automatic tool that implements our approach and we show its efficiency by applying it to real-world case studies. WAFEx was able to generate, and exploit, previously unknown attacks.

Keywords: Security testing, vulnerability assessment, penetration testing, model checking, web applications, formal methods, SQL injection, cross-site scripting, cross-site request forgery, file-system related vulnerabilities

DOI: 10.3233/JCS-181262

Journal: Journal of Computer Security, vol. 28, no. 5, pp. 525-576, 2020