查看文章

Improper configuration of web applications or servers can lead to various security flaws. Security misconfiguration is ranked number 6 on the OWASP top 10 2017 list, meaning it is a critical risk in web applications that web developers need to focus on. The exploitation of this kind of vulnerabilities can lead to exploitation of other severe vulnerabilities and complete compromise of web applications. In this paper, we collaborate with security experts from a web security company to propose a tool to detect security misconfigurations in web applications. Our proposed tool, BitScanner, can effectively identify misconfiguration issues in all web applications regardless of the platform and technology they are built. The proposed tool is to enable web developers to fix any misconfiguration issues in applications before deployment in real development scenarios. Evaluation results show that our proposed tool has higher …