Towards automated discovery of access control vulnerabilities

Title: Towards automated discovery of access control vulnerabilities
Author: van der Poel, Laurens (TU Delft Electrical Engineering, Mathematics and Computer Science)
Contributors: Zarras, A. (graduation committee); Conti, M. (mentor); Durieux, T. (graduation committee); van Dongen, Wouter (graduation committee)
Degree granting institution: Delft University of Technology
Programme: Computer Science | Cyber Security
Date: 2022-09-12

Abstract
This thesis researches a methodology and implementation for automated gray-box Broken Access Control Scanning (BACS) in web applications. Broken access controls take first place in the OWASP Top Ten Web Application Security Risks 2021. The need for this research comes from the observation that testing for broken access controls in web applications is labor-intensive, time-consuming, and error-prone. Security researchers therefore require a modern methodology and toolset for exhaustively discovering access control vulnerabilities in web applications. The posited hypothesis is that the contextual awareness required for access controls can be achieved by assuming that users are only authorized to perform the actions accessible via the UI for that particular user. The methodology developed in this research consists of four phases:
1) A crawl phase, where an application is crawled as multiple users.
2) A request selection phase, where potentially vulnerable requests are selected.
3) A request replay phase, where selected requests are replayed in the session context of another user.
4) A response comparison phase, to identify whether an access control vulnerability has occurred.
An implementation is provided and evaluated during web application penetration tests of DongIT. The results show that critical and structural access control issues can be identified when all four stages are completed. However, the intricacies of web applications often pose challenges for one or more of the four stages. From the results, it is concluded that the BACS methodology is a viable strategy and a valuable tool in the toolbelt of a security tester.

To reference this document use: http://resolver.tudelft.nl/uuid:7a175319-16c6-4354-b0a7-985729b20b5f
Part of collection: Student theses
Document type: master thesis
Rights: © 2022 Laurens van der Poel
Files: PDF Laurens_van_der_Poel_CybS ... ersion.pdf (407.75 KB)
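The four phases described in the abstract, as an added Python example that is not the thesis's own implementation: a constructed in-memory application with two users, whose DELETE handler checks ownership but whose GET handler does not, is crawled per user, the requests unreachable from the other user's UI are selected, replayed in the other session, and flagged when the response matches the owner's. The mock application, session tokens and ownership table are assumptions made for this illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Request:
    method: str
    path: str

# Constructed mock application state: session token -> user, and resource -> owner.
SESSIONS = {"tok-alice": "alice", "tok-bob": "bob"}
OWNERS = {"/invoices/1": "alice", "/invoices/2": "bob", "/admin/users": "admin"}

def mock_app(req: Request, session: str) -> tuple[int, str]:
    """Deliberately flawed app: DELETE checks the owner, GET does not (an IDOR)."""
    user = SESSIONS.get(session)
    if user is None:
        return 401, "login required"
    if req.path.startswith("/admin") and user != "admin":
        return 403, "forbidden"
    if req.path not in OWNERS:
        return 404, "not found"
    if req.method == "DELETE" and OWNERS[req.path] != user:
        return 403, "forbidden"
    return 200, f"{req.path} for {OWNERS[req.path]}"

def crawl(session: str) -> set[Request]:
    """Phase 1 stand-in: the requests this user's UI exposes (from the ownership table)."""
    user = SESSIONS[session]
    return {Request(m, p) for p, o in OWNERS.items() if o == user for m in ("GET", "DELETE")}

def select_requests(crawled: dict[str, set[Request]], victim: str, attacker: str) -> set[Request]:
    """Phase 2: requests in the victim's crawl that the attacker's UI never offered."""
    return crawled[victim] - crawled[attacker]

def replay_and_compare(app, requests, victim: str, attacker: str) -> list[Request]:
    """Phases 3 and 4: replay in the other session; identical responses mean no check."""
    findings = []
    for req in sorted(requests, key=lambda r: (r.path, r.method)):
        expected = app(req, victim)      # what the legitimate user sees
        observed = app(req, attacker)    # what the replayed session sees
        if observed == expected:
            findings.append(req)
    return findings

def run_bacs(app, sessions: list[str]) -> dict[tuple[str, str], list[Request]]:
    """Run all four phases for every ordered pair of sessions."""
    crawled = {s: crawl(s) for s in sessions}
    results = {}
    for victim in sessions:
        for attacker in sessions:
            if victim != attacker:
                selected = select_requests(crawled, victim, attacker)
                results[(victim, attacker)] = replay_and_compare(app, selected, victim, attacker)
    return results
```

A real scanner would need a tolerant comparison in phase 4, since dynamic page content makes byte-for-byte equality too strict.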