Visible to the public Biblio

Filters: Author is Venkatakrishnan, V.N.  [Clear All Filters]
2017-05-30
Alhuzali, Abeer, Eshete, Birhanu, Gjomemo, Rigel, Venkatakrishnan, V.N..  2016.  Chainsaw: Chained Automated Workflow-based Exploit Generation. Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security. :641–652.

We tackle the problem of automated exploit generation for web applications. In this regard, we present an approach that significantly improves the state-of-art in web injection vulnerability identification and exploit generation. Our approach for exploit generation tackles various challenges associated with typical web application characteristics: their multi-module nature, interposed user input, and multi-tier architectures using a database backend. Our approach develops precise models of application workflows, database schemas, and native functions to achieve high quality exploit generation. We implemented our approach in a tool called Chainsaw. Chainsaw was used to analyze 9 open source applications and generated over 199 first- and second-order injection exploits combined, significantly outperforming several related approaches.