Web-Crawler for Search for Authorization Vulnerabilities

Student: Samburov Aleksei

Supervisor: Denis Gamaunov

Faculty: Faculty of Computer Science

Educational Programme: Applied Mathematics and Information Science (Bachelor)

Year of Graduation: 2018

Simplifying the search for security vulnerabilities in web applications is becoming an increasingly important problem because of the rapid growth in web application usage. This work addresses automated scanning for authorization vulnerabilities. The reason is that popular vulnerability classes such as SQL injection and XSS attacks are well researched, so high-quality scanners for them already exist. The goal of this work is to develop a tool for semi-automated search for privilege escalation. To this end, existing methods for this problem are analyzed to select the most appropriate ones, and approaches to implementing a semi-automated scanner are developed. Finally, implementation details of the web application security scanner are provided. The developed solution makes it possible to significantly simplify the search for web application vulnerabilities.

Student Theses at HSE must be completed in accordance with the University Rules and regulations specified by each educational programme.

Summaries of all theses must be published and made freely available on the HSE website.

The full text of a thesis can be published in open access on the HSE website only if the authoring student (copyright holder) agrees, or, if the thesis was written by a team of students, if all the co-authors (copyright holders) agree. After a thesis is published on the HSE website, it obtains the status of an online publication.

Student theses are objects of copyright and their use is subject to limitations in accordance with the Russian Federation’s law on intellectual property.

In the event that a thesis is quoted or otherwise used, reference to the author’s name and the source of quotation is required.
