Category:OWASP Access Control Rules Tester Project
|Project Name||OWASP Access Control Rules Tester Project|
|Short Project Description|| Often web applications contain sensitive data and provide functionality which should be protected from unauthorized access. Explicit access control policies can be leveraged for validating the access control, but, unfortunately, these policies are rarely defined in case of web applications. It is known that access control flaws in web applications may be revealed with black-box analysis, but the existing “differential analysis” approach has certain limitations. We believe that taking the state of the web application into account could help to overcome the limitations of exiting approach.
This project proposes a novel approach to black-box web application testing, which utilizes a use-case graph. The graph contains classes of actions within the web application and their dependencies. By traversing the graph and applying differential analysis at each step of the traversal, it is possible to improve the accuracy of the method. This idea was implemented in the tool AcCoRuTe (Access Control Rules Tester).
|Key Project Information||Project Leader
GNU General Public License v2
OWASP SoC 08
|Release Status||Main Links||Related Projects|
PPT Presentation from OWASP EU Summmit 2009
If any, add link here
This category currently contains no pages or media.