防篡改:针对web应用程序参数篡改攻击的服务器不可知防御

Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI:10.1145/2435349.2435365

Nazari Skrupsky, Prithvi Bisht, Timothy L. Hinrichs, V. Venkatakrishnan, L. Zuck

{"title":"防篡改:针对web应用程序参数篡改攻击的服务器不可知防御","authors":"Nazari Skrupsky, Prithvi Bisht, Timothy L. Hinrichs, V. Venkatakrishnan, L. Zuck","doi":"10.1145/2435349.2435365","DOIUrl":null,"url":null,"abstract":"Parameter tampering attacks are dangerous to a web application whose server performs weaker data sanitization than its client. This paper presents TamperProof, a methodology and tool that offers a novel and efficient mechanism to protect Web applications from parameter tampering attacks. TamperProof is an online defense deployed in a trusted environment between the client and server and requires no access to, or knowledge of, the server side codebase, making it effective for both new and legacy applications. The paper reports on experiments that demonstrate TamperProof's power in efficiently preventing all known parameter tampering vulnerabilities on ten different applications.","PeriodicalId":118139,"journal":{"name":"Proceedings of the third ACM conference on Data and application security and privacy","volume":null,"pages":null},"PeriodicalIF":0.0000,"publicationDate":"2013-02-18","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"20","resultStr":"{\"title\":\"TamperProof: a server-agnostic defense for parameter tampering attacks on web applications\",\"authors\":\"Nazari Skrupsky, Prithvi Bisht, Timothy L. Hinrichs, V. Venkatakrishnan, L. Zuck\",\"doi\":\"10.1145/2435349.2435365\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"Parameter tampering attacks are dangerous to a web application whose server performs weaker data sanitization than its client. This paper presents TamperProof, a methodology and tool that offers a novel and efficient mechanism to protect Web applications from parameter tampering attacks. TamperProof is an online defense deployed in a trusted environment between the client and server and requires no access to, or knowledge of, the server side codebase, making it effective for both new and legacy applications. The paper reports on experiments that demonstrate TamperProof's power in efficiently preventing all known parameter tampering vulnerabilities on ten different applications.\",\"PeriodicalId\":118139,\"journal\":{\"name\":\"Proceedings of the third ACM conference on Data and application security and privacy\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":0.0000,\"publicationDate\":\"2013-02-18\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"20\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Proceedings of the third ACM conference on Data and application security and privacy\",\"FirstCategoryId\":\"1085\",\"ListUrlMain\":\"https://doi.org/10.1145/2435349.2435365\",\"RegionNum\":0,\"RegionCategory\":null,\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"\",\"JCRName\":\"\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Proceedings of the third ACM conference on Data and application security and privacy","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/2435349.2435365","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 20

摘要

参数篡改攻击对于服务器执行较弱的数据清理的web应用程序是危险的。本文介绍了一种方法和工具，它提供了一种新颖而有效的机制来保护Web应用程序免受参数篡改攻击。防篡改是一种部署在客户端和服务器之间可信环境中的在线防御，不需要访问或了解服务器端代码库，因此对新应用程序和遗留应用程序都有效。本文通过实验证明了TamperProof在十种不同应用程序中有效防止所有已知参数篡改漏洞的能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

查看原文本刊更多论文

TamperProof: a server-agnostic defense for parameter tampering attacks on web applications

Parameter tampering attacks are dangerous to a web application whose server performs weaker data sanitization than its client. This paper presents TamperProof, a methodology and tool that offers a novel and efficient mechanism to protect Web applications from parameter tampering attacks. TamperProof is an online defense deployed in a trusted environment between the client and server and requires no access to, or knowledge of, the server side codebase, making it effective for both new and legacy applications. The paper reports on experiments that demonstrate TamperProof's power in efficiently preventing all known parameter tampering vulnerabilities on ten different applications.

求助全文

通过发布文献求助，成功后即可免费获取论文全文。去求助

来源期刊

Proceedings of the third ACM conference on Data and application security and privacy

自引率

0.00%

发文量