
Discover Broken Authentication and Session Management Vulnerabilities in ASP.NET Web Application

Authors (2): Rupal R Sharma, Ravi K Sheth

Today, web application security is the most significant battlefield between the victim, the attacker and the resources of the web service. Websites written in ASP.NET might contain security vulnerabilities that are not visible to the owner of the website. This paper describes an algorithm that aims to detect the security vulnerabilities of broken authentication and session management. The suggested algorithm performs a scanning process over website and web application files. Our scanner tool relies on studying the source code of the application, namely the ASP.NET files and the code-behind files (C#). A program written for this purpose generates a report that describes most leak and vulnerability types by giving the file name, the leak description and its location. The aim of the paper is to discover broken authentication and session management vulnerabilities. The suggested algorithm will help organizations and developers fix the vulnerabilities and improve overall security.
Keywords : Web security, session management, session hijack, Broken Authentication, ASP.NET
Publication Details
  Published in : Volume 3 | Issue 3 | March-April 2017
  Date of Publication : 2017-04-30
License:  This work is licensed under a Creative Commons Attribution 4.0 International License.
Page(s) : 290-293
Manuscript Number : IJSRST173382
Publisher : Technoscience Academy
PRINT ISSN : 2395-6011
ONLINE ISSN : 2395-602X
Cite This Article :
Rupal R Sharma, Ravi K Sheth, "Discover Broken Authentication and Session Management Vulnerabilities in ASP.NET Web Application", International Journal of Scientific Research in Science and Technology(IJSRST), Print ISSN : 2395-6011, Online ISSN : 2395-602X, Volume 3, Issue 3, pp.290-293, March-April-2017.
Journal URL : http://ijsrst.com/IJSRST173382
