Open AccessRequirements for preventing logic flaws in the authentication procedure of web applications
Author(s) -
Youssou Ndiaye,
Olivier Barais,
Arnaud Blouin,
Ahmed Bouabdallah,
Nicolas Aillery
Publication year - 2019
Publication title -
proceedings of the 37th acm/sigapp symposium on applied computing
Language(s) - English
Resource type - Conference proceedings
ISBN - 978-1-4503-5933-7
DOI - 10.1145/3297280.3297438
Subject(s) - computer science , computer security , authorization , focus (optics) , web application security , authentication (law) , web application , world wide web , the internet , web development , physics , optics
Ensuring the security is one of the most daunting challenges that web applications are facing nowadays. Authentication and authorization are two main security fields that web applications must consider to be protected against unauthorized accesses. Various approaches that detect well-known vulnerabilities and flaws exist. However, these approaches mainly focus on detecting input validation flaws. Another kind of flaws that affect web applications are logic flaws, but they lack of considerations.This paper proposes an approach that helps to considering logic flaws in the context of web applications. The goal of the proposal is to strengthen the authentication procedure of web applications and thus enforce the security early in the design phase. We conducted an empirical study in nine well-known web-based applications to demonstrate that logic flaws may put at risk the authentication procedure. The results showed that logic flaws may be either caused by security issues or usability issues. To overcome such flaws, we provide ten relevant requirements that should be followed in the design of an authentication procedure.
Accelerating Research
Robert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom
Address
John Eccles HouseRobert Robinson Avenue,
Oxford Science Park, Oxford
OX4 4GP, United Kingdom