University of Twente Student Theses


Towards systematic black-box testing for exploitable race conditions in web apps

Emous, Rob J. van (2019) Towards systematic black-box testing for exploitable race conditions in web apps.

Full text: PDF (7MB)
Abstract: In this research, we focus on a stealthy issue in web apps called a race condition. Race conditions are often omitted from black-box security tests because no real guidelines exist for how to perform such tests and no dedicated tools exist to support them. That is why, in this research, we developed the first systematic method for testing race conditions in web apps from a black-box perspective. We also built a tool to support the exploitation and evaluated both against related tools. The toolset performed better than or equal to existing tools. Using the method also yielded clear results, and we found critical issues with financial impact in two popular e-commerce web apps. Based on these results, we conclude that we have successfully created a method and toolset that are sufficient for security testing. We are also aware that much more research is required to expand upon these findings. Still, we have hereby achieved the first step towards systematic testing for race conditions in web apps, and we hope that this will have a positive effect on software quality in the future.
Item Type: Essay (Master)
Clients: Computest, Zoetermeer, Netherlands
Faculty: EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject: 54 computer science
Programme: Computer Science MSc (60300)
Link to this item: https://purl.utwente.nl/essays/78020
