BLProM: A black-box approach for detecting business-layer processes in the web applications
Journal of Computing and Security
Article 4, Volume 6, Issue 2, Mehr 2019, Pages 65-80
Article type: Research Article
DOI: 10.22108/jcs.2020.117223.1028
Authors
Mitra Alidoosti 1; Alireza Nowroozi* 1; Ahmad Nickabadi 2
1 Malek-Ashtar University of Technology, Tehran, Iran.
2 Amirkabir University of Tehran, Tehran, Iran.
Abstract
Web application vulnerability scanners cannot detect business logic vulnerabilities (vulnerabilities related to logic) because they are not able to understand the business logic of the web application. To identify the business logic of the web application, this paper presents BLProM (Business-Layer Process Miner), a black-box approach that identifies the business processes of the web application. Detected business processes can be used in dynamic security testing to identify business logic vulnerabilities in web applications. BLProM first extracts the navigation graph of the web application and then identifies business processes from the navigation graph. The evaluation, conducted on three well-known open-source web applications, shows that BLProM can detect business logic processes. Experimental results show that BLProM improves web application scanning because it clusters web application pages and prevents scanning similar pages. The proposed approach is compared to OWASP ZAP, an open-source web scanner. We show that BLProM improves web application scanning by about 96%.
Keywords
Business layer; business process; navigation graph