Document Type : Research Article
Authors
1 Malek-Ashtar University of technology, Tehran, Iran.
2 Amirkabir University of Tehran, Tehran, Iran.
Abstract
Keywords
[1] | Common vulnerabilities and exposures. https://cve.mitre.org/cve/cve.html. [ bib ] |
[2] | 2015 ITRC. Identity Theft Resource Center Breach Report Hits Near Record High in 2015. http://www.idtheftcenter.org/ITRC-Surveys-Studies/2015databreaches.html, Accessed Feb, 2017. [ bib ] |
[3] | G. Pellegrino and D. Balzarotti. Toward Black-Box Detection of Logic Flaws in Web Applications. In Network and Distributed System Security symposium 2014 (NDSS2014), 2014. [ bib | DOI ] |
[4] | Testing for business logic, OWASP. https://www.owasp.org/index.php/Testing_for_business_logic, Accessed Feb, 2017. [ bib ] |
[5] | D. Balzarotti, M. Cova, V. Felmetsger, and G. Vigna. Multi-module vulnerability analysis of web-based applications. In Proceedings of the 14th ACM conference on Computer and communications security, page 25–35. ACM, 2007. [ bib | DOI ] |
[6] | A. Doupé, B. Boe, C. Kruegel, and G. Vigna. Fear the EAR: discovering and mitigating execution after redirect vulnerabilities. In Proceedings of the 18th ACM conference on Computer and communications security, page 251–262. ACM, 2011. [ bib | DOI ] |
[7] | V. Felmetsger, L. Cavedon, C. Kruegel, and G. Vigna. Business Logic Attacks – Bots and BATs, OWASP, 2009. In USENIX Security Symposium, 2010. [ bib ] |
[8] | E. Chai. Business Logic Attacks – Bots and BATs, OWASP, 2009. https://www.owasp.org/images/a/aa/OWASP_Cincinnati_Jan_2011.pdf, Accessed Feb. 2017. [ bib ] |
[9] | X. Li and Y. Xue. BLOCK: a black-box approach for detection of state violation attacks towards web applications. In Proceedings of the 27th Annual Computer Security Applications Conference, page 247–256, 2011. [ bib | DOI ] |
[10] | M. Cova, D. Balzarotti, V. Felmetsger, and G. Vigna. Swaddler: An Approach for the Anomaly-Based Detection of State Violations in Web Applications. In Giovanni, pages 63--86. Springer, Berlin, Heidelberg, 2007. [ bib | DOI ] |
[11] | X. Li, W. Yan, and Y. Xue. SENTINEL: securing database from logic flaws in web applications. In Proceedings of the second ACM conference on Data and Application Security and Privacy, page 25–36, 2012. [ bib | DOI ] |
[12] | M. Alidoosti and A. Nowroozi. BLDAST: business-layer Dynamic Application Security Tester of the web application in order to detect web application vulnerabilities against flooding DoS attacks. In Iran Society of Cryptology Conference, shiraz, Iran. in Persian, 2017. [ bib ] |
[13] | M. Alidoosti, A. Nowroozi, and A. Nickabadi. Evaluating the Web-Application Resiliency to Business-Layer DoS Attacks. ETRI Journal, 2019. [ bib | DOI ] |
[14] | M. Alidoosti and A. Nowroozi. BLTOCTTOU: business-layer dynamic application security tester of the web application in order to detect web application vulnerabilities against Race Condition attacks. In Computer Society of Iran Conference, Tehran, Iran. in Persian, 2018. [ bib ] |
[15] | M. Alidoosti and A. Nowroozi. BLProM: Business-layer process miner of the web application. In ISCISC, pages 1--6. IEEE, 2018. [ bib | DOI ] |
[16] | V. Crescenzi, P. Merialdo, and P. Missier. Clustering Web pages based on their structure. Data & Knowledge Engineering, 54(3):279--299, 2005. [ bib | DOI ] |