Abstract |
---|
In recent years there has been a surge of serialization-based vulnerabilities in web applications, leading to serious incidents that exposed the private data of millions of individuals. Although there have been some efforts to address this problem, there is still no unified solution able to detect such vulnerabilities in an implementation-agnostic way. We aim to fill this gap by proposing ObjectMap, an extendable tool for the detection of deserialization and object injection vulnerabilities in Java- and PHP-based web applications. Furthermore, we introduce the first deserialization test environment, which can be used both to evaluate deserialization vulnerability detection tools and for educational purposes. Both tools are easily extendable and, to the best of our knowledge, the first to implement this combination of features; together they offer a synthesis of complementary functionalities that can spark further research in the field and support the development of more feature-rich solutions. |
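The abstract names the vulnerability class ObjectMap targets without showing what it looks like in code. The following is an added illustration, not code from the paper or from ObjectMap, of the PHP object injection pattern such a scanner flags: untrusted input reaching `unserialize()` while classes with magic methods are loadable, beside a hardened variant. The `LogWriter` class, the `loadPrefs*` functions and the payload are all constructed for this example.

```php
<?php
// Added illustrative example (not ObjectMap's code). Class names, functions
// and the payload below are constructed for the demonstration.

// A "gadget" class: any loadable class whose magic methods do something
// sensitive when the object is deserialized or destroyed. Here __destruct
// writes attacker-controlled data to an attacker-controlled path.
class LogWriter {
    public string $path = '/tmp/app.log';
    public string $data = '';
    public function __destruct() {
        file_put_contents($this->path, $this->data);
    }
}

// Vulnerable: untrusted cookie content reaches unserialize() with all
// classes allowed, so the attacker chooses which object gets instantiated.
function loadPrefsVulnerable(string $cookie): mixed {
    return unserialize(base64_decode($cookie));
}

// Hardened: refuse to instantiate any class. Scalars and arrays still
// deserialize; an embedded object becomes __PHP_Incomplete_Class, which we
// reject. Strict base64 decoding rejects malformed input as well.
function loadPrefsHardened(string $cookie): mixed {
    $raw = base64_decode($cookie, true);
    if ($raw === false) {
        return null;
    }
    $value = unserialize($raw, ['allowed_classes' => false]);
    if ($value === false || $value instanceof __PHP_Incomplete_Class) {
        return null;
    }
    return $value;
}

// Constructed attacker payload: a serialized LogWriter whose properties point
// the __destruct write at a path of the attacker's choosing.
$payload = base64_encode(
    'O:9:"LogWriter":2:{s:4:"path";s:14:"/tmp/pwned.txt";s:4:"data";s:5:"owned";}'
);

$v = loadPrefsVulnerable($payload);
var_dump($v instanceof LogWriter);   // bool(true): gadget instantiated,
                                     // __destruct fires when $v is released

$h = loadPrefsHardened($payload);
var_dump($h);                        // NULL: object rejected, no gadget runs
```

The detection-relevant signal is the first function: a `unserialize()` call whose argument is derived from request data (cookie, parameter, header). `allowed_classes => false` removes the object-instantiation primitive, but it still leaves a parser exposed to untrusted bytes; where the data format is under your control, a data-only format such as JSON, or a serialized blob authenticated with an HMAC before it is parsed, is the stronger design.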
Property | Value |
---|---|
Year | 2019 |
DOI | 10.1145/3368640.3368680 |
Venue | Proceedings of the 23rd Pan-Hellenic Conference on Informatics |
Keywords | insecure deserialization, security, vulnerability scanner, web application |
Field | Data mining, Serialization, Computer science, Computer security, Vulnerability scanner, Web application, Java, Vulnerability, Vulnerability detection |
DocType | Conference |
ISBN | 978-1-4503-7292-3 |
Citations | 0 |
PageRank | 0.34 |
References | 0 |
Authors | 5 |
Name | Order | Citations | PageRank |
---|---|---|---|
Nikolaos Koutroumpouchos | 1 | 0 | 0.34 |
Georgios Lavdanis | 2 | 0 | 0.34 |
Eleni Veroni | 3 | 0 | 0.34 |
Christoforos Ntantogian | 4 | 86 | 13.03 |
Christos Xenakis | 5 | 221 | 28.00 |