Faculty Publications
Permanent URI for this community: https://idr.nitk.ac.in/handle/123456789/18736
Publications by NITK Faculty
Search Results (3 results)
Item: Securing web applications from injection and logic vulnerabilities: Approaches and challenges (Elsevier B.V., 2016). Deepa, G.; Santhi Thilagam, P.S.

Context: Web applications are trusted by billions of users for performing day-to-day activities. The accessibility, availability and omnipresence of web applications have made them a prime target for attackers. A simple implementation flaw in an application could allow an attacker to steal sensitive information and perform adversarial actions, and hence it is important to secure web applications from attacks. Defensive mechanisms for securing web applications from such flaws have received attention from both academia and industry.
Objective: The objective of this literature review is to summarize the current state of the art for securing web applications from major flaws such as injection and logic flaws. Though different kinds of injection flaws exist, the scope is restricted to SQL Injection (SQLI) and Cross-site scripting (XSS), since they are rated as the topmost threats by different security consortiums.
Method: Recently published relevant articles are identified from well-known digital libraries, and a total of 86 primary studies are considered. A total of 17 articles related to SQLI, 35 related to XSS and 34 related to logic flaws are discussed.
Results: The articles are categorized based on the phase of the software development life cycle in which the defense mechanism is put into place. Most of the articles focus on detecting the flaws and preventing attacks against web applications.
Conclusion: Even though various approaches are available for securing web applications from SQLI and XSS, these flaws are still prevalent due to their impact and severity. Logic flaws are gaining the attention of researchers since they violate the business specifications of applications. There is no single solution to mitigate all the flaws. More research is needed in the area of fixing flaws in the source code of applications.
© 2016 Elsevier B.V. All rights reserved.

Item: DetLogic: A black-box approach for detecting logic vulnerabilities in web applications (Academic Press, 2018). Deepa, G.; Santhi Thilagam, P.S.; Praseed, A.; Pais, A.R.

Web applications are subject to attacks by malicious users owing to the fact that the applications are implemented by software developers with insufficient knowledge of secure programming. The implementation flaws arising from insecure coding practices allow attackers to exploit the application in order to perform adverse actions leading to undesirable consequences. These flaws can be categorized into injection and logic flaws. As a large number of tools and solutions are available for addressing injection flaws, the focus of attackers is shifting towards the exploitation of logic flaws. Logic flaws allow attackers to compromise application-specific functionality against the expectations of the stakeholders, and hence it is important to identify these flaws in order to avoid exploitation. Therefore, a prototype called DetLogic is developed for detecting different types of logic vulnerabilities, such as parameter manipulation, access-control, and workflow bypass vulnerabilities, in web applications. DetLogic employs a black-box approach and models the intended behavior of the application as an annotated finite state machine, which is subsequently used for deriving constraints related to input parameters, access control, and workflows. The derived constraints are violated to simulate attack vectors and identify the vulnerabilities. DetLogic is evaluated against benchmark applications and is found to work effectively.
© 2018 Elsevier Ltd

Item: RUSH: Rule-Based Scheduling for Low-Latency Serverless Computing (Institute of Electrical and Electronics Engineers Inc., 2025). Birajdar, P.A.; Anchalia, K.; Satpathy, A.; Addya, S.K.

Serverless computing abstracts away server management, enabling developers to focus on application logic while benefiting from automatic scaling and pay-per-use pricing. However, dynamic workloads pose challenges in resource allocation and response-time optimization. Response time is a critical performance metric in serverless environments, especially for latency-sensitive applications, where inefficient scheduling can degrade user experience and system efficiency. This paper proposes RUSH (Rule-based Scheduling for Low-Latency Serverless Computing), a lightweight and adaptive scheduling framework designed to reduce cold starts and execution delays. RUSH employs a set of predefined rules that consider system state, resource availability, and timeout thresholds to make proactive, latency-aware scheduling decisions. We implement and evaluate RUSH on a real-world serverless application that generates emoji meanings. Experimental results demonstrate that RUSH consistently outperforms First-Come-First-Served (FCFS), Random Scheduling, and Profaastinate, achieving a ~33% reduction in average execution time.
© IEEE. 2019 IEEE.
