University of Twente Student Theses

Login

Towards systematic black-box testing for exploitable race conditions in web apps

Emous, Rob J. van (2019) Towards systematic black-box testing for exploitable race conditions in web apps.

[img] PDF
7MB
Abstract:In this research, we focus on a stealthy issue in web apps called a race condition. This is often omitted in black-box security tests because no real guidelines exist of how to perform these tests and no dedicated tools exist to support this. That is why, in this research, we developed the first systematic method to test for race conditions in web apps from a black-box perspective. We also built a tool to support the exploitation and evaluated both in comparison with related tools. The toolset performed better than or equal to existing tools. Also, using the method yielded clear results, and we found critical issues with financial impact in two popular e-commerce web apps. Based on these results, we conclude that we have successfully created a method and toolset that are sufficient for security testing. We are also aware that much more research is required to expand upon these findings. Still, we hereby achieved the first step towards systematic testing for race conditions in web apps, and by that, we hope that this will have a positive effect on software quality in the future.
Item Type:Essay (Master)
Clients:
Computest, Zoetermeer, Netherlands
Faculty:EEMCS: Electrical Engineering, Mathematics and Computer Science
Subject:54 computer science
Programme:Computer Science MSc (60300)
Link to this item:http://purl.utwente.nl/essays/78020
Export this item as:BibTeX
EndNote
HTML Citation
Reference Manager

 

Repository Staff Only: item control page