In this presentation, we extend our attack model (presented at FRHACK'09) to scenarios involving web application vulnerabilities (e.g. SQL injection and Cross-Site Scripting). The possibilities offered by exploiting these vulnerabilities differ from the binary exploitation scenario and require a new abstraction: a family of agents with different capabilities that can work together, be used as stepping stones for pivoting, and fit into the Attack Graph representation.
Using efficient algorithms that we have developed for probabilistic planning of multi-step attacks, we can find optimal attack paths that minimize an attack parameter (e.g. the expected execution time) in real-world scenarios that involve a mix of System agents, SQL agents and XSS agents. Our planning solution has a computational complexity of O(n log n), where n is the total number of actions in the graph, and takes into account the probabilistic and numerical effects of the actions. We will conclude the presentation with some ideas for future research in this area.
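To make the idea of minimizing expected execution time over probabilistic actions concrete, the following is an added toy example, not the speakers' code and not the algorithm of the talk (the page does not describe it). It assumes a simplified model: every action has a success probability p and an execution time t, a chain of steps that must all succeed is abandoned at the first failure, and a goal reachable through several alternative chains is attempted in some order until one succeeds. Under that model the order minimizing expected time is obtained by sorting the alternatives by t/p (an adjacent-swap argument), which is one way to reach O(n log n). All action names, agent labels and numbers are constructed for illustration; the brute-force check over all permutations is included only to confirm the ordering rule on the sample graph.

```python
"""Toy expected-time planner over a small attack graph (hypothetical model)."""
from dataclasses import dataclass
from itertools import permutations


@dataclass(frozen=True)
class Action:
    name: str
    agent: str   # agent family that runs it: "System", "SQL" or "XSS" (labels only)
    p: float     # probability the action succeeds when attempted
    t: float     # execution time paid whenever it is attempted


def sequence(steps, name, agent):
    """Compose steps that must all succeed into one composite action.

    The chain stops at the first failure, so step k is only paid for with the
    probability that every earlier step succeeded. Composite p is the product
    of the step probabilities; composite t is the expected time spent.
    """
    p, t = 1.0, 0.0
    for s in steps:
        t += p * s.t
        p *= s.p
    return Action(name, agent, p, t)


def expected_time(order):
    """Expected total time when alternatives are tried in this order and the
    attacker stops at the first success (or after the last failure)."""
    total, all_failed_so_far = 0.0, 1.0
    for a in order:
        total += all_failed_so_far * a.t
        all_failed_so_far *= 1.0 - a.p
    return total


def plan(alternatives):
    """Order alternatives to minimise expected time.

    Swapping two adjacent alternatives i, j changes the cost only through the
    term p_j*t_i vs p_i*t_j, so i should precede j iff t_i/p_i <= t_j/p_j.
    A single sort by that ratio is therefore optimal and costs O(n log n).
    """
    return sorted(alternatives, key=lambda a: a.t / a.p)


def brute_force(alternatives):
    """Exhaustive reference: minimum expected time over every ordering."""
    return min(permutations(alternatives), key=expected_time)


def sample_graph():
    """Constructed sample: three ways to get a shell on the same target."""
    direct = Action("exploit_webserver", "System", p=0.30, t=20.0)
    xss_chain = sequence(
        [Action("xss_inject", "XSS", 0.90, 5.0),
         Action("steal_admin_session", "XSS", 0.50, 30.0)],
        "xss_chain", "XSS")
    sql_chain = sequence(
        [Action("sqli_dump_creds", "SQL", 0.70, 10.0),
         Action("reuse_creds_ssh", "System", 0.80, 2.0)],
        "sql_chain", "System")
    return [direct, xss_chain, sql_chain]


def example_plan():
    """Return (ordered action names, expected time) for the sample graph."""
    order = plan(sample_graph())
    return [a.name for a in order], expected_time(order)


if __name__ == "__main__":
    names, et = example_plan()
    print("order:", " -> ".join(names))
    print("expected time: %.3f" % et)
```

On the sample graph the SQL chain composes to p = 0.56, t = 11.4 (ratio about 20.4), the direct exploit has ratio about 66.7 and the XSS chain composes to p = 0.45, t = 32 (ratio about 71.1), so the planner tries the SQL chain first. Note that the composite t of a chain is an expected time, which is what lets a whole chain be ranked like a single action.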
For more information about the conference, see http://www.h2hc.org.br/