Discover Broken Authentication and Session Management Vulnerabilities in ASP.NET Web Application

Authors

  • Rupal R Sharma, M.Tech Cyber Security student, Department of Information Technology, Raksha Shakti University, Ahmedabad, Gujarat, India
  • Ravi K Sheth, Assistant Prof., Department of Information Technology, Raksha Shakti University, Ahmedabad, Gujarat, India

Keywords:

Web security, session management, session hijack, Broken Authentication, ASP.NET

Abstract

Today, web application security is the most significant battlefield between victim, attacker and resource of web service. Websites written in ASP.NET might contain security vulnerabilities that are not visible to the owner of the website. This paper describes an algorithm that aims to detect security vulnerabilities of broken authentication and session management. The suggested algorithm performs a scanning process over website and web application files. Our scanner tool relies on studying the source code of the application, covering the ASP.NET files and the code-behind files (C#). A program written for this purpose generates a report that describes most leak and vulnerability types by mentioning the file name, the leak description and its location. The aim of the paper is to discover broken authentication and session management vulnerabilities. The suggested algorithm will help organizations and developers fix the vulnerabilities and improve overall security.

Published

2017-04-30

Section

Research Articles

How to Cite

Rupal R Sharma, Ravi K Sheth, "Discover Broken Authentication and Session Management Vulnerabilities in ASP.NET Web Application", International Journal of Scientific Research in Science and Technology (IJSRST), Online ISSN: 2395-602X, Print ISSN: 2395-6011, Volume 3, Issue 3, pp. 290-293, March-April 2017.