SSOScan: Automated testing of web applications for single sign-on vulnerabilities

Proceedings of the 23rd USENIX Security Symposium

Volumn , Issue , 2014, Pages 495-510

  Zhou, Yuchen ^a   Evans, David ^a  

^a UNIVERSITY OF VIRGINIA   (United States)

Author keywords

[No Author keywords available]

Indexed keywords

AUTHENTICATION; SOCIAL NETWORKING (ONLINE);

AUTHENTICATION AND AUTHORIZATION; AUTOMATED TESTING; DESIGN AND IMPLEMENTATIONS; INTEGRATION REQUIREMENTS; PROGRAMMING TECHNIQUE; SECURITY-CRITICAL; THIRD PARTY SERVICES; WEB APPLICATION;

WEB SERVICES;

EID: 84987652196     PISSN: None     EISSN: None     Source Type: Conference Proceeding    
DOI: None     Document Type: Conference Paper

References (33)

1. th IEEE/ACM International Conference on Automated Software Engineering, 2011.
2. th Network and Distributed System Security Symposium, 2013.
3. th ACM Symposium on Principles of Programming Languages, 2002.
4. th Computer Security Foundations Symposium, 2012.
5. th International World Wide Web Conference, 2002.
6. BugBuster. BugBuster is a Software-as-a-Service to Test Web Applications. http://bugbuster.com/.
7. th International Conference on Model Checking Software, 2005.
8. G. Di Lucca, A. Fasolino, F. Faralli, and U. De Carlini. Testing Web applications. In Journal of Software Maintenance, 2002.
9. th International Conference on Software Engineering, 2003.
10. th International Conference on World Wide Web, 2003.
11. th Network and Distributed System Security Symposium, 2007.
12. st Network and Distributed System Security Symposium, 2014.
13. P. Pirolli, W.-T. Fu, R. Reeder, and S. K. Card. A User-tracing Architecture for Modeling Interaction with the World Wide Web. In First Working Conference on Advanced Visual Interfaces, 2002.
14. V. Rastogi, Y. Chen, and W. Enck. AppsPlay-ground: Automatic Security Analysis of Smart-phone Applications. In Third ACM Conference on Data and Application Security and Privacy, 2013.
15. Redspin Inc. Penetration Testing, Vulnerability Assessments and IT Security Audits. https://www.redspin.com/.
16. rd International Conference on Software Engineering, 2001.
17. st IEEE Symposium on Security and Privacy, 2010.
18. th Network and Distributed System Security Symposium, 2009.
19. Selenium development team. Selenium: Web application testing system. https://selenium.org/.
20. st USENIX Security Symposium, 2012.
21. th IEEE/ACM International Conference on Automated Software Engineering, 2005.
22. S. Sprenkle, E. Hill, and L. Pollock. Learning Effective Oracle Comparator Combinations for Web Applications. In International Conference on Quality Software, 2007.
23. th ACM Conference on Computer and Communications Security, 2012.
24. TestingBot. Selenium Testing in the Cloud - Run Your Cross Browser Tests in Our Online Selenium Grid. http://testingbot.com/.
25. rd IEEE Symposium on Security and Privacy, 2012.
26. nd IEEE Symposium on Security and Privacy, 2011.
27. nd USENIX Security Symposium, 2013.
28. Whitehat Security. Your Web Application Security Company. https://www.whitehatsec.com/.
29. nd IEEE International Conference on Software Maintenance, 2006.
30. th Network and Distributed System Security Symposium, 2013.
31. th ACM Conference on Computer and Communications Security, 2013.
32. C. Zheng, S. Zhu, S. Dai, G. Gu, X. Gong, X. Han, and W. Zou. SmartDroid: An Automatic System for Revealing UI-based Trigger Conditions in Android Applications. In Second ACM Workshop on Security and Privacy in Smartphones and Mobile Devices, 2012.
33. Y. Zhou and D. Evans. Technical Report: SSOScan: Automated Testing of Web Applications for Single Sign-On Vulnerabilities. https://www.ssoscan.org/SSOScan-TR.pdf.