Matches in SemOpenAlex for { <https://semopenalex.org/work/W2002079460> ?p ?o ?g. }
Showing items 1 to 89 of 89 with 100 items per page.
- W2002079460 abstract "The complexity of modern web applications makes it difficult for developers to fully understand the security implications of their code. Attackers exploit the resulting security vulnerabilities to gain unauthorized access to the web application environment. Previous research into web application vulnerabilities has mostly focused on input validation flaws, such as cross site scripting and SQL injection, while logic flaws have received comparably less attention. In this paper, we present a comprehensive study of a relatively unknown logic flaw in web applications, which we call Execution After Redirect, or EAR. A web application developer can introduce an EAR by calling a redirect method under the assumption that execution will halt. A vulnerability occurs when server-side execution continues after the developer's intended halting point, which can lead to broken/insufficient access controls and information leakage. We start with an analysis of how susceptible applications written in nine web frameworks are to EAR vulnerabilities. We then discuss the results from the EAR challenge contained within the 2010 International Capture the Flag Competition. Finally, we present an open-source, white-box, static analysis tool to detect EARs in Ruby on Rails web applications. This tool found 3,944 EAR instances in 18,127 open-source applications. Finally, we describe an approach to prevent EARs in web frameworks." @default.
- W2002079460 created "2016-06-24" @default.
- W2002079460 creator A5022177364 @default.
- W2002079460 creator A5050806439 @default.
- W2002079460 creator A5071664443 @default.
- W2002079460 creator A5075685499 @default.
- W2002079460 date "2011-10-17" @default.
- W2002079460 modified "2023-09-23" @default.
- W2002079460 title "Fear the EAR" @default.
- W2002079460 cites W1975428729 @default.
- W2002079460 cites W1983142587 @default.
- W2002079460 cites W2072978486 @default.
- W2002079460 cites W2081212007 @default.
- W2002079460 cites W2083940415 @default.
- W2002079460 cites W2085925880 @default.
- W2002079460 cites W2121417161 @default.
- W2002079460 cites W2128325590 @default.
- W2002079460 cites W2144271133 @default.
- W2002079460 cites W2148001343 @default.
- W2002079460 doi "https://doi.org/10.1145/2046707.2046736" @default.
- W2002079460 hasPublicationYear "2011" @default.
- W2002079460 type Work @default.
- W2002079460 sameAs 2002079460 @default.
- W2002079460 citedByCount "45" @default.
- W2002079460 countsByYear W20020794602012 @default.
- W2002079460 countsByYear W20020794602013 @default.
- W2002079460 countsByYear W20020794602014 @default.
- W2002079460 countsByYear W20020794602015 @default.
- W2002079460 countsByYear W20020794602016 @default.
- W2002079460 countsByYear W20020794602017 @default.
- W2002079460 countsByYear W20020794602018 @default.
- W2002079460 countsByYear W20020794602019 @default.
- W2002079460 countsByYear W20020794602020 @default.
- W2002079460 countsByYear W20020794602021 @default.
- W2002079460 countsByYear W20020794602023 @default.
- W2002079460 crossrefType "proceedings-article" @default.
- W2002079460 hasAuthorship W2002079460A5022177364 @default.
- W2002079460 hasAuthorship W2002079460A5050806439 @default.
- W2002079460 hasAuthorship W2002079460A5071664443 @default.
- W2002079460 hasAuthorship W2002079460A5075685499 @default.
- W2002079460 hasConcept C111919701 @default.
- W2002079460 hasConcept C118643609 @default.
- W2002079460 hasConcept C136764020 @default.
- W2002079460 hasConcept C150451098 @default.
- W2002079460 hasConcept C164120249 @default.
- W2002079460 hasConcept C165696696 @default.
- W2002079460 hasConcept C194222762 @default.
- W2002079460 hasConcept C35578498 @default.
- W2002079460 hasConcept C38652104 @default.
- W2002079460 hasConcept C39569185 @default.
- W2002079460 hasConcept C41008148 @default.
- W2002079460 hasConcept C43126263 @default.
- W2002079460 hasConcept C59241245 @default.
- W2002079460 hasConcept C61423126 @default.
- W2002079460 hasConcept C79373723 @default.
- W2002079460 hasConcept C97854310 @default.
- W2002079460 hasConceptScore W2002079460C111919701 @default.
- W2002079460 hasConceptScore W2002079460C118643609 @default.
- W2002079460 hasConceptScore W2002079460C136764020 @default.
- W2002079460 hasConceptScore W2002079460C150451098 @default.
- W2002079460 hasConceptScore W2002079460C164120249 @default.
- W2002079460 hasConceptScore W2002079460C165696696 @default.
- W2002079460 hasConceptScore W2002079460C194222762 @default.
- W2002079460 hasConceptScore W2002079460C35578498 @default.
- W2002079460 hasConceptScore W2002079460C38652104 @default.
- W2002079460 hasConceptScore W2002079460C39569185 @default.
- W2002079460 hasConceptScore W2002079460C41008148 @default.
- W2002079460 hasConceptScore W2002079460C43126263 @default.
- W2002079460 hasConceptScore W2002079460C59241245 @default.
- W2002079460 hasConceptScore W2002079460C61423126 @default.
- W2002079460 hasConceptScore W2002079460C79373723 @default.
- W2002079460 hasConceptScore W2002079460C97854310 @default.
- W2002079460 hasLocation W20020794601 @default.
- W2002079460 hasOpenAccess W2002079460 @default.
- W2002079460 hasPrimaryLocation W20020794601 @default.
- W2002079460 hasRelatedWork W118052681 @default.
- W2002079460 hasRelatedWork W1693420470 @default.
- W2002079460 hasRelatedWork W1971089520 @default.
- W2002079460 hasRelatedWork W2037704314 @default.
- W2002079460 hasRelatedWork W2085925880 @default.
- W2002079460 hasRelatedWork W2188366209 @default.
- W2002079460 hasRelatedWork W2610725969 @default.
- W2002079460 hasRelatedWork W3092270246 @default.
- W2002079460 hasRelatedWork W4256450364 @default.
- W2002079460 hasRelatedWork W4385706035 @default.
- W2002079460 isParatext "false" @default.
- W2002079460 isRetracted "false" @default.
- W2002079460 magId "2002079460" @default.
- W2002079460 workType "article" @default.