Volume 13 (2021)
Volume 12 (2020)
Volume 11 (2019)
Volume 10 (2018)
Volume 9 (2017)
Volume 8 (2016)
Volume 7 (2015)
Volume 6 (2014)
Volume 5 (2013)
Volume 4 (2012)
Volume 3 (2011)
Volume 2 (2010)
Volume 1 (2009)
1. Business-Layer Session Puzzling Racer: Dynamic Security Testing against Session Puzzling Race Conditions in the Business Layer

Mitra Alidoosti; Alireza Nowroozi; Ahmad Nickabadi

Articles in Press, Accepted Manuscript, Available Online from 06 September 2021


  Parallel execution of multiple threads of a web application will result in server-side races if the web application is not synchronized correctly. Server-side race is susceptible to flaws in the relation between the server and the database. Detecting the race condition in the web applications depends ...  Read More

2. IDOT: Black-Box Detection of Access Control Violations in Web Applications

Mohammad Ali Hadavi; Arash Bagherdaei; Simin Ghasemi

Volume 13, Issue 2 , Summer and Autumn 2021, , Pages 117-129

  < p>Automatic detection of access control violations in software applications is a challenging problem. Insecure Direct Object Reference (IDOR) is among top-ranked vulnerabilities, which violates access control policies and cannot be yet detected by automated vulnerability scanners. While such ...  Read More