Our paper, “Detecting and Exploiting Second Order Denial of Service Vulnerabilities in Web Applications”, has been accepted to CCS 2015 in Denver! Here is the abstract:

This paper describes a new class of denial-of-service (DoS) attack, which we refer to as Second Order DoS attacks. These attacks consist of two phases, one that pollutes a database with junk entries and another that performs a costly operation on these entries to cause resource exhaustion. The main contribution of this paper is a static analysis for detecting second-order DoS vulnerabilities in web applications. We have implemented our analysis in a tool called Torpedo, and we show that Torpedo can successfully detect second-order DoS vulnerabilities in widely used web applications written in PHP. Once our tool discovers a vulnerability, it also performs symbolic execution to generate candidate attack vectors. We evaluate Torpedo on six widely-used web applications and show that it uncovers 37 security vulnerabilities, while reporting 18 false positives.
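
The two phases named in the abstract, modelled as an added example in Python with an in-memory SQLite database (not code from the paper or from Torpedo, whose targets are PHP applications). It shows the unbounded store-then-process pattern beside a bounded form; the table, the function names, `PAGE_SIZE` and `MAX_PER_CLIENT` are assumptions made for illustration.

```python
import sqlite3

PAGE_SIZE = 20       # assumed cap on rows processed per request
MAX_PER_CLIENT = 5   # assumed per-client insert quota


def new_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE comments "
               "(id INTEGER PRIMARY KEY, client TEXT, body TEXT)")
    return db


def add_comment(db, client, body, quota=None):
    """Phase 1 sink: stores request data. quota=None is the unbounded form."""
    if quota is not None:
        (count,) = db.execute("SELECT COUNT(*) FROM comments WHERE client = ?",
                              (client,)).fetchone()
        if count >= quota:
            return False  # reject: this client already holds its share of rows
    db.execute("INSERT INTO comments (client, body) VALUES (?, ?)",
               (client, body))
    return True


def render_all(db):
    """Phase 2, unbounded: per-request work grows with every stored row."""
    rows = db.execute("SELECT body FROM comments").fetchall()
    return [body.upper() for (body,) in rows]  # stand-in for costly per-row work


def render_page(db, page=0, size=PAGE_SIZE):
    """Phase 2, bounded: at most PAGE_SIZE rows are processed per request."""
    size = max(1, min(size, PAGE_SIZE))
    rows = db.execute("SELECT body FROM comments ORDER BY id LIMIT ? OFFSET ?",
                      (size, max(0, page) * size)).fetchall()
    return [body.upper() for (body,) in rows]


def work_per_request(n_inserts, hardened):
    """Rows one read request processes after n_inserts writes by one client."""
    db = new_db()
    for i in range(n_inserts):  # constructed sample input
        add_comment(db, "client-a", f"junk {i}",
                    MAX_PER_CLIENT if hardened else None)
    return len(render_page(db) if hardened else render_all(db))
```

The insert quota limits how much one client can store, while the page limit is what keeps the cost of a single read request constant when many clients each stay under the quota.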