CLAY: Enhancing Exploit Generation with Human Knowledge in Web Applications

As parts of our everyday life moves online, securing web applications becomes a priority for our societies. The two well-established analysis techniques used in vulnerability detection, manual review and automated analysis, both suffer from numerous issues and drawbacks. The former is reliant on the availability of human experts, hence hard to scale and prone to errors as the complexity of the applications grow, while the latter is unable to grasp the underlying logic behind a program, degrading the analysis precision. The goal of this research is to bridge the gap between these two approaches, creating a vulnerability detection framework able to combine the computation and analysis capabilities of autonomous systems with the intuition, knowledge and experience of human analysts. This new approach is aimed at conserving the best features of both methods while compensating their weaknesses. We created a domain specific language for guiding and customizing an automated analysis tool, employing both static and dynamic analysis techniques, with knowledge provided by the human analyst using it. We implemented our approach in a tool called CLAY that was able to find 18 more vulnerabilities in 10 public open source PHP applications with respect to its uncustomizable counterpart.