Proceedings ArticleDOI
Pixy: a static analysis tool for detecting Web application vulnerabilities
Nenad Jovanovic,Christopher Kruegel,Engin Kirda +2 more
- pp 258-263
Reads0
Chats0
TLDR
This paper uses flow-sensitive, interprocedural and context-sensitive dataflow analysis to discover vulnerable points in a program and applies it to the detection of vulnerability types such as SQL injection, cross-site scripting, or command injection.Abstract:
The number and the importance of Web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated solutions has become evident. In this paper, we address the problem of vulnerable Web applications by means of static source code analysis. More precisely, we use flow-sensitive, interprocedural and context-sensitive dataflow analysis to discover vulnerable points in a program. In addition, alias and literal analysis are employed to improve the correctness and precision of the results. The presented concepts are targeted at the general class of taint-style vulnerabilities and can be applied to the detection of vulnerability types such as SQL injection, cross-site scripting, or command injection. Pixy, the open source prototype implementation of our concepts, is targeted at detecting cross-site scripting vulnerabilities in PHP scripts. Using our tool, we discovered and reported 15 previously unknown vulnerabilities in three Web applications, and reconstructed 36 known vulnerabilities in three other Web applications. The observed false positive rate is at around 50% (i.e., one false positive for each vulnerability) and therefore, low enough to permit effective security audits.read more
Citations
More filters
Proceedings ArticleDOI
HiddenCPG: Large-Scale Vulnerable Clone Detection Using Subgraph Isomorphism of Code Property Graphs
TL;DR: A scalable system designed to identify various web vulnerabilities, including bugs that stem from incorrect sanitization, and designed to find a subgraph in a target CPG that matches a given CPG query having a known vulnerability, known as the subgraph isomorphism problem.
Dissertation
Detection of logic flaws in multi-party business applications via security testing
TL;DR: Two novel security testing techniques to detect logic flaws in multi-party business applicatons that tackle the shortcomings of the existing techniques are presented and used to discover previously-unknown design errors in SAML SSO and OpenID protocols.
Journal Article
An Approach To Automate Security Assessment For Web Applications
TL;DR: The system works as a single point of control for running security tools and scripts and managing information about security projects and automates delivery of security solutions.
Towards practical prevention of code injection vulnerabilities on the programming language level
TL;DR: A general model is proposed to outfit modern programming languages with means for explicit and secure code generation through string serialization and identifies the models key components: the language integration, the Foreign Language Encapsulation Type, and the abstraction layer.
Proceedings ArticleDOI
A grounded theory based approach to characterize software attack surfaces
TL;DR: In this article , a Grounded Theory (GT) analysis on 1444 previously published vulnerability reports and weaknesses with a team of three software developers and security experts was conducted to identify an extensive list of attack surface components.
References
More filters
Book
Compilers: Principles, Techniques, and Tools
TL;DR: This book discusses the design of a Code Generator, the role of the Lexical Analyzer, and other topics related to code generation and optimization.
Book
Advanced Compiler Design and Implementation
TL;DR: Advanced Compiler Design and Implementation by Steven Muchnick Preface to Advanced Topics
Book
Principles of program analysis
TL;DR: This book is unique in providing an overview of the four major approaches to program analysis: data flow analysis, constraint-based analysis, abstract interpretation, and type and effect systems.
Proceedings ArticleDOI
Bugs as deviant behavior: a general approach to inferring errors in systems code
TL;DR: Six checkers are developed that extract beliefs by tailoring rule "templates" to a system --- for example, finding all functions that fit the rule template "a must be paired with b."
Proceedings ArticleDOI
Securing web application code by static analysis and runtime protection
TL;DR: A lattice-based static analysis algorithm derived from type systems and typestate is created, and its soundness is addressed, thus securing Web applications in the absence of user intervention and reducing potential runtime overhead by 98.4%.