English (United Kingdom)

https://curated-unify.zendy.io/wp-json/zendy-region/v1/featured_content/oa?rat=en

https://curated-unify.zendy.io/wp-json/zendy-region/v1/highlighted_journal/

Zendy Plus

Presents the access of premium content as premium feature

Premium Content

Presents the keyphrase highlighting as premium feature

Keyphrase Highlighting

Presents the summarisation as premium feature

Summarisation

Insights

Presents the pdf analysis as premium feature

PDF Analysis

Presents the zaia usage as premium feature

ZAIA

Zendy Tools

Zendy Open

Web applications require access to the file-system for many different tasks.When analyzing the security of a web application, secu- rity analysts shouldthus consider the impact that file-system operations have on the security ofthe whole application. Moreover, the analysis should take into considerationhow file-system vulnerabilities might in- teract with other vulnerabilitiesleading an attacker to breach into the web application. In this paper, we firstpropose a classification of file- system vulnerabilities, and then, based onthis classification, we present a formal approach that allows one to exploitfile-system vulnerabilities. We give a formal representation of webapplications, databases and file- systems, and show how to reason aboutfile-system vulnerabilities. We also show how to combine file-systemvulnerabilities and SQL-Injection vulnerabilities for the identification ofcomplex, multi-stage attacks. We have developed an automatic tool thatimplements our approach and we show its efficiency by discussing severalreal-world case studies, which are witness to the fact that our tool cangenerate, and exploit, complex attacks that, to the best of our knowledge, noother state-of-the-art-tool for the security of web applications can find.

A Formal Approach to Exploiting Multi-Stage Attacks based on File-System Vulnerabilities of Web Applications (Extended Version)