TamperProof: a server-agnostic defense for parameter tampering attacks on web applications

Proceedings of the third ACM conference on Data and application security and privacy Pub Date : 2013-02-18 DOI:10.1145/2435349.2435365

Nazari Skrupsky, Prithvi Bisht, Timothy L. Hinrichs, V. Venkatakrishnan, L. Zuck

引用次数: 20

Abstract

Parameter tampering attacks are dangerous to a web application whose server performs weaker data sanitization than its client. This paper presents TamperProof, a methodology and tool that offers a novel and efficient mechanism to protect Web applications from parameter tampering attacks. TamperProof is an online defense deployed in a trusted environment between the client and server and requires no access to, or knowledge of, the server side codebase, making it effective for both new and legacy applications. The paper reports on experiments that demonstrate TamperProof's power in efficiently preventing all known parameter tampering vulnerabilities on ten different applications.

查看原文

微信好友朋友圈 QQ好友复制链接

本刊更多论文

防篡改:针对web应用程序参数篡改攻击的服务器不可知防御

参数篡改攻击对于服务器执行较弱的数据清理的web应用程序是危险的。本文介绍了一种方法和工具，它提供了一种新颖而有效的机制来保护Web应用程序免受参数篡改攻击。防篡改是一种部署在客户端和服务器之间可信环境中的在线防御，不需要访问或了解服务器端代码库，因此对新应用程序和遗留应用程序都有效。本文通过实验证明了TamperProof在十种不同应用程序中有效防止所有已知参数篡改漏洞的能力。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文去求助

来源期刊

Proceedings of the third ACM conference on Data and application security and privacy

自引率

0.00%

发文量

期刊最新文献

Effect of grammar on security of long passwords A new approach for delegation in usage control Session details: Poster session Multi-user dynamic proofs of data possession using trusted hardware All your browser-saved passwords could belong to us: a security analysis and a cloud-based new design