SlideShare a Scribd company logo
Access Control Rules Tester ,[object Object],[object Object],[object Object],[object Object]
Contents ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Web Security group at  Computing Systems Lab, Moscow State University Andrew Petukhov Dmitry Kozlov Igor Konnov MSU Computer Science faculty students who participate in our projects: Georgy Klimov, Edward Toroschin, Denis Zalivin, Alexander Mischenkko
Our contributions to OWASP ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
What is flawed access control?
What is flawed access control?  -- continued --
What is flawed access control?  -- continued --
Web Application Model ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Tasks of access control tester ,[object Object],[object Object],[object Object],[object Object],[object Object]
Deliveries of the Project ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Sitemap Building Workflow
Access Control Testing Workflow
Features and Limitations ,[object Object],[object Object],[object Object],[object Object],[object Object],[object Object],[object Object]
Future work ,[object Object],[object Object],[object Object],[object Object],[object Object]
Thank You! Any questions?

More Related Content

Viewers also liked

Detecting Insufficient Access Control in Web Applications
Detecting Insufficient Access Control in Web ApplicationsDetecting Insufficient Access Control in Web Applications
Detecting Insufficient Access Control in Web Applications
Andrew Petukhov
 
Обнаружение уязвимостей в механизме авторизации веб-приложении
Обнаружение уязвимостей в механизме авторизации веб-приложенииОбнаружение уязвимостей в механизме авторизации веб-приложении
Обнаружение уязвимостей в механизме авторизации веб-приложении
Andrew Petukhov
 
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникации
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникацииАрмия освобождения домохозяек: структура, состав вооружений, методы коммуникации
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникации
Andrew Petukhov
 
Обнаружение уязвимостей логики приложений методом статического анализа. Где п...
Обнаружение уязвимостей логики приложений методом статического анализа. Где п...Обнаружение уязвимостей логики приложений методом статического анализа. Где п...
Обнаружение уязвимостей логики приложений методом статического анализа. Где п...
Andrew Petukhov
 
Benchmark сканеров SQL injection
Benchmark сканеров SQL injectionBenchmark сканеров SQL injection
Benchmark сканеров SQL injection
Andrew Petukhov
 
Обеспечение безопасности расширений в корпоративных информационных системах
Обеспечение безопасности расширений в корпоративных информационных системахОбеспечение безопасности расширений в корпоративных информационных системах
Обеспечение безопасности расширений в корпоративных информационных системах
Andrew Petukhov
 
Безопасность веб-приложений: starter edition
Безопасность веб-приложений: starter editionБезопасность веб-приложений: starter edition
Безопасность веб-приложений: starter edition
Andrew Petukhov
 
No locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructureNo locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructure
Andrew Petukhov
 
Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...
Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...
Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...
Andrew Petukhov
 

Viewers also liked (9)

Detecting Insufficient Access Control in Web Applications
Detecting Insufficient Access Control in Web ApplicationsDetecting Insufficient Access Control in Web Applications
Detecting Insufficient Access Control in Web Applications
 
Обнаружение уязвимостей в механизме авторизации веб-приложении
Обнаружение уязвимостей в механизме авторизации веб-приложенииОбнаружение уязвимостей в механизме авторизации веб-приложении
Обнаружение уязвимостей в механизме авторизации веб-приложении
 
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникации
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникацииАрмия освобождения домохозяек: структура, состав вооружений, методы коммуникации
Армия освобождения домохозяек: структура, состав вооружений, методы коммуникации
 
Обнаружение уязвимостей логики приложений методом статического анализа. Где п...
Обнаружение уязвимостей логики приложений методом статического анализа. Где п...Обнаружение уязвимостей логики приложений методом статического анализа. Где п...
Обнаружение уязвимостей логики приложений методом статического анализа. Где п...
 
Benchmark сканеров SQL injection
Benchmark сканеров SQL injectionBenchmark сканеров SQL injection
Benchmark сканеров SQL injection
 
Обеспечение безопасности расширений в корпоративных информационных системах
Обеспечение безопасности расширений в корпоративных информационных системахОбеспечение безопасности расширений в корпоративных информационных системах
Обеспечение безопасности расширений в корпоративных информационных системах
 
Безопасность веб-приложений: starter edition
Безопасность веб-приложений: starter editionБезопасность веб-приложений: starter edition
Безопасность веб-приложений: starter edition
 
No locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructureNo locked doors, no windows barred: hacking OpenAM infrastructure
No locked doors, no windows barred: hacking OpenAM infrastructure
 
Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...
Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...
Detecting Security Vulnerabilities in Web Applications Using Dynamic Analysis...
 

Similar to Access Control Rules Tester

A model for performance testing of ajax based web applications
A model for performance testing of ajax based web applicationsA model for performance testing of ajax based web applications
A model for performance testing of ajax based web applications
eSAT Publishing House
 
API & Backend Integration
API & Backend IntegrationAPI & Backend Integration
API & Backend Integration
Elewayte
 
IBM AppScan Standard - The Web Application Security Solution
IBM AppScan Standard - The Web Application Security SolutionIBM AppScan Standard - The Web Application Security Solution
IBM AppScan Standard - The Web Application Security Solution
hearme limited company
 
System requirements engineering
System requirements engineeringSystem requirements engineering
System requirements engineering
Animesh Chaturvedi
 
Mirri5
Mirri5Mirri5
Mirri5
Simon Harper
 
A novel approach for evaluation of applying ajax in the web site
A novel approach for evaluation of applying ajax in the web siteA novel approach for evaluation of applying ajax in the web site
A novel approach for evaluation of applying ajax in the web site
eSAT Publishing House
 
Reliability Improvement with PSP of Web-Based Software Applications
Reliability Improvement with PSP of Web-Based Software ApplicationsReliability Improvement with PSP of Web-Based Software Applications
Reliability Improvement with PSP of Web-Based Software Applications
CSEIJJournal
 
Preetham Paulose
Preetham PaulosePreetham Paulose
Preetham Paulose
Preetham Paulose
 
Selenium Testing Training in Bangalore
Selenium Testing Training in BangaloreSelenium Testing Training in Bangalore
Selenium Testing Training in Bangalore
rajkamal560066
 
Ajax
AjaxAjax
Components of a Generic Web Application Architecture
Components of  a Generic Web Application ArchitectureComponents of  a Generic Web Application Architecture
Components of a Generic Web Application Architecture
MadonnaLamin1
 
Testing Web Apps and API's
Testing Web Apps and API'sTesting Web Apps and API's
Testing Web Apps and API's
PractiTest
 
Testing Web Apps and APIs (1)
Testing Web Apps and APIs (1)Testing Web Apps and APIs (1)
Testing Web Apps and APIs (1)
AAron EvaNS
 
Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Building enterprise web applications with spring 3
Building enterprise web applications with spring 3
Abdelmonaim Remani
 
Parallel verification of software architecture design
Parallel verification of software architecture designParallel verification of software architecture design
Parallel verification of software architecture design
Nacha Chondamrongkul
 
Automated Fixing of Web UI Tests via Iterative Element Matching
Automated Fixing of Web UI Tests via Iterative Element MatchingAutomated Fixing of Web UI Tests via Iterative Element Matching
Automated Fixing of Web UI Tests via Iterative Element Matching
YuanzhangLin
 
Edit Event: Automated Fixing of Web UI Tests via Iterative Element Matching
Edit Event: Automated Fixing of Web UI Tests via Iterative Element MatchingEdit Event: Automated Fixing of Web UI Tests via Iterative Element Matching
Edit Event: Automated Fixing of Web UI Tests via Iterative Element Matching
YuanzhangLin
 
Yii Framework Security
Yii Framework SecurityYii Framework Security
Yii Framework Security
Ilko Kacharov
 
Scale and Load Testing of Micro-Service
Scale and Load Testing of Micro-ServiceScale and Load Testing of Micro-Service
Scale and Load Testing of Micro-Service
IRJET Journal
 
Client Side MVC & Angular
Client Side MVC & AngularClient Side MVC & Angular
Client Side MVC & Angular
Alexe Bogdan
 

Similar to Access Control Rules Tester (20)

A model for performance testing of ajax based web applications
A model for performance testing of ajax based web applicationsA model for performance testing of ajax based web applications
A model for performance testing of ajax based web applications
 
API & Backend Integration
API & Backend IntegrationAPI & Backend Integration
API & Backend Integration
 
IBM AppScan Standard - The Web Application Security Solution
IBM AppScan Standard - The Web Application Security SolutionIBM AppScan Standard - The Web Application Security Solution
IBM AppScan Standard - The Web Application Security Solution
 
System requirements engineering
System requirements engineeringSystem requirements engineering
System requirements engineering
 
Mirri5
Mirri5Mirri5
Mirri5
 
A novel approach for evaluation of applying ajax in the web site
A novel approach for evaluation of applying ajax in the web siteA novel approach for evaluation of applying ajax in the web site
A novel approach for evaluation of applying ajax in the web site
 
Reliability Improvement with PSP of Web-Based Software Applications
Reliability Improvement with PSP of Web-Based Software ApplicationsReliability Improvement with PSP of Web-Based Software Applications
Reliability Improvement with PSP of Web-Based Software Applications
 
Preetham Paulose
Preetham PaulosePreetham Paulose
Preetham Paulose
 
Selenium Testing Training in Bangalore
Selenium Testing Training in BangaloreSelenium Testing Training in Bangalore
Selenium Testing Training in Bangalore
 
Ajax
AjaxAjax
Ajax
 
Components of a Generic Web Application Architecture
Components of  a Generic Web Application ArchitectureComponents of  a Generic Web Application Architecture
Components of a Generic Web Application Architecture
 
Testing Web Apps and API's
Testing Web Apps and API'sTesting Web Apps and API's
Testing Web Apps and API's
 
Testing Web Apps and APIs (1)
Testing Web Apps and APIs (1)Testing Web Apps and APIs (1)
Testing Web Apps and APIs (1)
 
Building enterprise web applications with spring 3
Building enterprise web applications with spring 3Building enterprise web applications with spring 3
Building enterprise web applications with spring 3
 
Parallel verification of software architecture design
Parallel verification of software architecture designParallel verification of software architecture design
Parallel verification of software architecture design
 
Automated Fixing of Web UI Tests via Iterative Element Matching
Automated Fixing of Web UI Tests via Iterative Element MatchingAutomated Fixing of Web UI Tests via Iterative Element Matching
Automated Fixing of Web UI Tests via Iterative Element Matching
 
Edit Event: Automated Fixing of Web UI Tests via Iterative Element Matching
Edit Event: Automated Fixing of Web UI Tests via Iterative Element MatchingEdit Event: Automated Fixing of Web UI Tests via Iterative Element Matching
Edit Event: Automated Fixing of Web UI Tests via Iterative Element Matching
 
Yii Framework Security
Yii Framework SecurityYii Framework Security
Yii Framework Security
 
Scale and Load Testing of Micro-Service
Scale and Load Testing of Micro-ServiceScale and Load Testing of Micro-Service
Scale and Load Testing of Micro-Service
 
Client Side MVC & Angular
Client Side MVC & AngularClient Side MVC & Angular
Client Side MVC & Angular
 

Recently uploaded

Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
Pablo Gómez Abajo
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
Neo4j
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
Enterprise Knowledge
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
saastr
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
christinelarrosa
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
ScyllaDB
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
Fwdays
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
Ivo Velitchkov
 
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
saastr
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
Zilliz
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
Chart Kalyan
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Tosin Akinosho
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
Hiroshi SHIBATA
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
ssuserfac0301
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
akankshawande
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
Ajin Abraham
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
Edge AI and Vision Alliance
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
DianaGray10
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
ScyllaDB
 
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
Vadym Kazulkin
 

Recently uploaded (20)

Mutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented ChatbotsMutation Testing for Task-Oriented Chatbots
Mutation Testing for Task-Oriented Chatbots
 
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge GraphGraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
GraphRAG for LifeSciences Hands-On with the Clinical Knowledge Graph
 
Demystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through StorytellingDemystifying Knowledge Management through Storytelling
Demystifying Knowledge Management through Storytelling
 
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
Overcoming the PLG Trap: Lessons from Canva's Head of Sales & Head of EMEA Da...
 
Christine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptxChristine's Supplier Sourcing Presentaion.pptx
Christine's Supplier Sourcing Presentaion.pptx
 
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-EfficiencyFreshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
Freshworks Rethinks NoSQL for Rapid Scaling & Cost-Efficiency
 
"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota"Choosing proper type of scaling", Olena Syrota
"Choosing proper type of scaling", Olena Syrota
 
Apps Break Data
Apps Break DataApps Break Data
Apps Break Data
 
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
9 CEO's who hit $100m ARR Share Their Top Growth Tactics Nathan Latka, Founde...
 
Fueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte WebinarFueling AI with Great Data with Airbyte Webinar
Fueling AI with Great Data with Airbyte Webinar
 
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdfHow to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
How to Interpret Trends in the Kalyan Rajdhani Mix Chart.pdf
 
Monitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdfMonitoring and Managing Anomaly Detection on OpenShift.pdf
Monitoring and Managing Anomaly Detection on OpenShift.pdf
 
Introduction of Cybersecurity with OSS at Code Europe 2024
Introduction of Cybersecurity with OSS  at Code Europe 2024Introduction of Cybersecurity with OSS  at Code Europe 2024
Introduction of Cybersecurity with OSS at Code Europe 2024
 
Taking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdfTaking AI to the Next Level in Manufacturing.pdf
Taking AI to the Next Level in Manufacturing.pdf
 
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development ProvidersYour One-Stop Shop for Python Success: Top 10 US Python Development Providers
Your One-Stop Shop for Python Success: Top 10 US Python Development Providers
 
AppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSFAppSec PNW: Android and iOS Application Security with MobSF
AppSec PNW: Android and iOS Application Security with MobSF
 
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
“Temporal Event Neural Networks: A More Efficient Alternative to the Transfor...
 
What is an RPA CoE? Session 1 – CoE Vision
What is an RPA CoE?  Session 1 – CoE VisionWhat is an RPA CoE?  Session 1 – CoE Vision
What is an RPA CoE? Session 1 – CoE Vision
 
A Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's ArchitectureA Deep Dive into ScyllaDB's Architecture
A Deep Dive into ScyllaDB's Architecture
 
High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024High performance Serverless Java on AWS- GoTo Amsterdam 2024
High performance Serverless Java on AWS- GoTo Amsterdam 2024
 

Access Control Rules Tester