Hide menu

Examensarbeten och uppsatser / Final Theses

Framläggningar på IDA / Presentations at IDA


Se även framläggningar annonserade hos LinTek och ITN i Norrköping / See also presentations announced at LinTek and ITN in Norrköping (in Swedish)

If nothing is stated about the presentation language then the presentation is in Swedish.


WExUpp - kommande framläggningar
2014-09-26 - ADIT
Generating web applications containing XSS and CSRF vulnerabilities
Gustav Ahlberg
Avancerad (30hp)
kl 10:15, Muhammad al-Khwarizmi (På svenska)
[Abstract]
Most of the people in the industrial world are using several web applications every day.
Many of those web applications contain vulnerabilities that can allow attackers to steal sensitive data from the web application's users.
One way to detect these vulnerabilities is to have a penetration tester examine the web application.
A common way to train penetration testers to find vulnerabilities is to challenge them with realistic web applications that contain vulnerabilities.
The penetration tester's assignment is to try to locate and exploit the vulnerabilities in the web application.
Training on the same web application twice will not provide any new challenges to the penetration tester, because the penetration tester already knows how to exploit all the vulnerabilities in the web application.
Therefore, a vast number of web applications and variants of web applications are needed to train on.

This thesis describes a tool designed and developed to automatically generate vulnerable web applications.
First a web application is prepared, so that the tool can generate a vulnerable version of that web application.
The tool injects Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) vulnerabilities in prepared web applications.
Different variations of the same vulnerability can also be injected, so that different methods are needed to exploit the vulnerability depending on the variation.
Some of the vulnerabilities the tool can inject, cannot be detected by current free web application vulnerability scanners, and would thus need to be detected by a penetration tester.

To inject the vulnerabilities, the tool uses abstract syntax trees and taint analysis to detect where vulnerabilities can be injected in the prepared web applications.

Tests confirm that web application vulnerability scanners cannot find all the vulnerabilities on the web applications that have been generated by the tool.


Page responsible: Johan Åberg
Last updated: 2011-03-22