Discover Broken Authentication and Session Management Vulnerabilities in ASP.NET Web Application

Authors(2) :-Rupal R Sharma, Ravi K Sheth

Today, web application security is most significant battlefield between victim, attacker and resource of web service. The websites which are written in ASP.NET might contain security vulnerabilities which are not seen to the owner of the website. This paper describes an algorithm that aims in the detection of security vulnerabilities of broken authentication and session management. The suggested algorithm of this paper performs a scanning process for website and web application files. Our scanner tool relies on studying the source code of the application depending on ASP.NET files and the code behind files (C sharp C#). A program written for this purpose is to generate a report that describes most leaks and vulnerabilities types by mentioning the file name, leak description and its location. The aim of the paper is to discover the broken authentication and session management vulnerabilities. The suggested algorithm will help organization and developer to fix the vulnerabilities and improve the overall security.

Authors and Affiliations

Rupal R Sharma
M.Tech, Cyber Security, Student, Department of Information Technology, Raksha Shakti University, Ahmedabad, Gujarat, India
Ravi K Sheth
Assistant Prof., Department of Information Technology, Raksha Shakti University, Ahmedabad, Gujarat, India

Web security, session management, session hijack, Broken Authentication, ASP.NET

  1. Xiaowei Li and Yuan Xue, “A survey on Web Application Security” 2012  Institute of Electrical and Electronics Engineers(IEEE)
  2. OWASP Vulnerability Top ten, Retrieved on February,2017 from https://www.owasp.org/index.php/Category:Vulnerability
  3. The Open Web Application Security Project Book, b OWASP Foundation, https://www.owasp.org/images/f/f8/OWASP-Top-10-2013
  4. “VULNERABILITY LIKELIHOOD BY CLASS” , web security statistics report 2016[online] Retrieved on February,2017 from https://info.whitehatsec.com/rs/675-YBI-674/images/WH-2016-Stats-Report-FINAL.pdf
  5. Tony Hunt, “OWASP Top ten for .net developers”, by plural sight publication.
  6. Rajyalakshmi A.G, “broken authentication and session management” Retrieved on March 2017,from http://www.triadsquare.com/broken-authentication-and-session-management
  7. Huyam AL-Amro and Eyas El-Qawasmeh, “Security Vulnerabilities and Leaks in ASP.NET Websites”, 2012 International Conference on E-Learning and E-Technologies in Education (ICEEE).
  8. Paul Gries and Jennifer Campbell, Design Algorithm, Practical programming 2nd edition- A Introduction to computer science using python 3, 2013 The Pragmatic Programmers, LLC.
  9. Paul Gries and Jennifer Campbell, Reading and writing files, Practical programming 2nd edition- A Introduction to computer science using python 3, 2013 The Pragmatic Programmers, LLC.
  10. NET Web Forms page code model, https://msdn.microsoft.com/en-us/library/015103yb.aspx
  11. Sullivan, "Top 10 security vulnerabilities in .NET configuration files", Retrieved on February, 2017 from [Online] http://www.devx.com/dotnet/Article/32493/1954.

Publication Details

Published in : Volume 3 | Issue 3 | March-April 2017
Date of Publication : 2017-04-30
License:  This work is licensed under a Creative Commons Attribution 4.0 International License.
Page(s) : 290-293
Manuscript Number : IJSRST173382
Publisher : Technoscience Academy

Print ISSN : 2395-6011, Online ISSN : 2395-602X

Cite This Article :

Rupal R Sharma, Ravi K Sheth, " Discover Broken Authentication and Session Management Vulnerabilities in ASP.NET Web Application", International Journal of Scientific Research in Science and Technology(IJSRST), Print ISSN : 2395-6011, Online ISSN : 2395-602X, Volume 3, Issue 3, pp.290-293, March-April-2017.
Journal URL : http://ijsrst.com/IJSRST173382

Article Preview