[vc_empty_space][vc_empty_space]
A vulnerability scanning tool for session management vulnerabilities
Lukanta R.a, Asnar Y.a, Kistijantoro A.I.a
a School of Electrical Engineering and Informatics, Institut Teknologi, Bandung, Indonesia
[vc_row][vc_column][vc_row_inner][vc_column_inner][vc_separator css=”.vc_custom_1624529070653{padding-top: 30px !important;padding-bottom: 30px !important;}”][/vc_column_inner][/vc_row_inner][vc_row_inner layout=”boxed”][vc_column_inner width=”3/4″ css=”.vc_custom_1624695412187{border-right-width: 1px !important;border-right-color: #dddddd !important;border-right-style: solid !important;border-radius: 1px !important;}”][vc_empty_space][megatron_heading title=”Abstract” size=”size-sm” text_align=”text-left”][vc_column_text]© 2014 IEEE.Session management vulnerabilities can be categorized as a group of vulnerability that is still often discovered. Session management vulnerabilities consist of session fixation, CSRF, and insufficient cookies attributes. Based on OWASP Top 10 2013, issues on session management are ranked on 2nd place, while CSRF on 8th. To detect session management vulnerabilities, we developed a vulnerability scanning tool extending an existing open source tool, namely Nikto. To validate our tool, we have performed two types of testing, which are a functional and a field testing. In functional testing, we created some synthetic test cases to prove all the functionalities can function well. In the field testing, we used some existing projects and we can conclude that Nikto failed to execute some test cases and also found some false negative. The false negative is caused by the error in detecting random token performed by CSRF detector.[/vc_column_text][vc_empty_space][vc_separator css=”.vc_custom_1624528584150{padding-top: 25px !important;padding-bottom: 25px !important;}”][vc_empty_space][megatron_heading title=”Author keywords” size=”size-sm” text_align=”text-left”][vc_column_text]Chrome extensions,False negatives,Field testing,Functional testing,Nikto,Open source tools,Session management,Synthetic tests[/vc_column_text][vc_empty_space][vc_separator css=”.vc_custom_1624528584150{padding-top: 25px !important;padding-bottom: 25px !important;}”][vc_empty_space][megatron_heading title=”Indexed keywords” size=”size-sm” text_align=”text-left”][vc_column_text]black box testing,Google Chrome extension,Nikto,session management vulnerabilities,vulnerability scanning[/vc_column_text][vc_empty_space][vc_separator css=”.vc_custom_1624528584150{padding-top: 25px !important;padding-bottom: 25px !important;}”][vc_empty_space][megatron_heading title=”Funding details” size=”size-sm” text_align=”text-left”][vc_column_text][/vc_column_text][vc_empty_space][vc_separator css=”.vc_custom_1624528584150{padding-top: 25px !important;padding-bottom: 25px !important;}”][vc_empty_space][megatron_heading title=”DOI” size=”size-sm” text_align=”text-left”][vc_column_text]https://doi.org/10.1109/ICODSE.2014.7062682[/vc_column_text][/vc_column_inner][vc_column_inner width=”1/4″][vc_column_text]Widget Plumx[/vc_column_text][/vc_column_inner][/vc_row_inner][/vc_column][/vc_row][vc_row][vc_column][vc_separator css=”.vc_custom_1624528584150{padding-top: 25px !important;padding-bottom: 25px !important;}”][/vc_column][/vc_row]