Finding security vulnerabilities in Java applications with static analysis
Citations
1,269 citations
Cites background from "Finding security vulnerabilities in..."
...Many tools help programmers either find or mitigate mistakes in their code that may lead to vulnerabilities, including static analysis tools like PQL [29, 31] and UrFlow [7], and runtime tools like Resin [52] and CLAMP [36]....
947 citations
876 citations
Cites methods from "Finding security vulnerabilities in..."
...Static analysis has commonly been used for bug finding [8, 21, 27]....
631 citations
590 citations
Cites methods from "Finding security vulnerabilities in..."
...In particular, there are two recent techniques using static analysis to track the flow of untrusted input through a program: one based on a type system [15] (similar to CQual [10]) and one based on a points-to analysis [24] (using a precise points-to analysis for Java [43] and policies specified in PQL [22, 26])....
References
2,475 citations
"Finding security vulnerabilities in..." refers to methods in this paper
...They have developed a tool called bddbddb (BDD-Based Deductive DataBase) that automatically translates program analyses expressed in terms of Datalog [50] (a language used in deductive databases) into highly efficient BDD-based implementations....
1,571 citations
1,536 citations
1,160 citations
"Finding security vulnerabilities in..." refers to methods in this paper
...Much of the work in information-flow analysis uses a type-checking approach, as exemplified by JFlow [38]....
1,127 citations