Proceedings ArticleDOI
Pixy: a static analysis tool for detecting Web application vulnerabilities
Nenad Jovanovic,Christopher Kruegel,Engin Kirda +2 more
- pp 258-263
TL;DR: This paper uses flow-sensitive, interprocedural and context-sensitive dataflow analysis to discover vulnerable points in a program and applies it to the detection of vulnerability types such as SQL injection, cross-site scripting, or command injection.
Abstract:
The number and the importance of Web applications have increased rapidly in recent years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated solutions has become evident. In this paper, we address the problem of vulnerable Web applications by means of static source code analysis. More precisely, we use flow-sensitive, interprocedural and context-sensitive dataflow analysis to discover vulnerable points in a program. In addition, alias and literal analysis are employed to improve the correctness and precision of the results. The presented concepts are targeted at the general class of taint-style vulnerabilities and can be applied to the detection of vulnerability types such as SQL injection, cross-site scripting, or command injection. Pixy, the open source prototype implementation of our concepts, is targeted at detecting cross-site scripting vulnerabilities in PHP scripts. Using our tool, we discovered and reported 15 previously unknown vulnerabilities in three Web applications, and reconstructed 36 known vulnerabilities in three other Web applications. The observed false positive rate is at around 50% (i.e., one false positive for each vulnerability) and therefore low enough to permit effective security audits.
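The three analysis properties the abstract names (flow sensitivity, interprocedural analysis with context sensitivity, and alias awareness) are easiest to see on a toy. The following is an added example written for this page, not Pixy's own code (Pixy is a Java tool that analyses real PHP with a literal analysis this toy omits). It runs a taint analysis over a small hand-written intermediate representation of a PHP fragment; the IR shape, the sanitizer list, the function `wrap` and the sink labels A to E are all constructed for the illustration.

```python
"""Toy taint analysis over a tiny PHP-like IR, illustrating the properties the abstract names:
flow-sensitive, interprocedural with per-call-site context, alias-aware.  Not Pixy's code."""
from collections import namedtuple
from dataclasses import dataclass, field

SANITIZERS = {"htmlspecialchars", "intval"}   # builtins assumed to return clean data
Func = namedtuple("Func", "params body ret")  # user function: params, statements, return expr


@dataclass
class State:
    tainted: set = field(default_factory=set)
    aliases: dict = field(default_factory=dict)  # var -> set of vars sharing its storage

    def group(self, v):
        return self.aliases.get(v, {v})


class Analyzer:
    def __init__(self, funcs, context_sensitive=True, alias_aware=True):
        self.funcs, self.cs, self.alias = funcs, context_sensitive, alias_aware
        self.summaries, self.findings, self.changed = {}, set(), False

    def run(self, main):
        while True:                 # iterate until callee summaries stabilise
            self.changed = False
            self.block(main, State())
            if not self.changed:
                return sorted(self.findings)

    def expr(self, e, st):
        """True if expression e may carry attacker-controlled data."""
        kind = e[0]
        if kind in ("lit", "source"):       # string literal / $_GET-style input
            return kind == "source"
        if kind == "var":
            return e[1] in st.tainted
        if kind == "concat":
            return any(self.expr(x, st) for x in e[1:])
        name, args = e[1], tuple(self.expr(a, st) for a in e[2])   # kind == "call"
        return False if name in SANITIZERS else self.call(name, args)

    def call(self, name, arg_taint):
        f = self.funcs[name]
        key = (name, arg_taint) if self.cs else name
        prev = self.summaries.get(key)
        if prev is not None:
            if not self.cs:                 # one summary per function: join all call sites
                arg_taint = tuple(a or b for a, b in zip(arg_taint, prev[0]))
            if prev[0] == arg_taint:
                return prev[1]
        st = State({p for p, t in zip(f.params, arg_taint) if t})
        self.summaries[key] = (arg_taint, False)        # provisional entry stops recursion
        self.block(f.body, st)
        self.summaries[key] = (arg_taint, self.expr(f.ret, st))
        if prev != self.summaries[key]:
            self.changed = True
        return self.summaries[key][1]

    def block(self, stmts, st):
        for s in stmts:
            op = s[0]
            if op == "assign":              # strong update of the whole alias group
                t = self.expr(s[2], st)
                for v in st.group(s[1]):
                    (st.tainted.add if t else st.tainted.discard)(v)
            elif op == "ref":               # $a = &$b
                a, b = s[1], s[2]
                if self.alias:
                    old = st.group(a) - {a}
                    st.aliases.update({v: old for v in old})   # a leaves its old storage ...
                    g = st.group(b) | {a}
                    st.aliases.update({v: g for v in g})       # ... and joins b's
                (st.tainted.add if b in st.tainted else st.tainted.discard)(a)
            elif op == "echo" and self.expr(s[2], st):   # sink
                self.findings.add(s[1])


FUNCS = {"wrap": Func(["$x"], [], ("concat", ("lit", "<b>"), ("var", "$x"), ("lit", "</b>")))}
MAIN = [   # constructed PHP fragment written as IR; sink labels A-E are hypothetical
    ("assign", "$name", ("source", "$_GET['name']")),
    ("echo", "A", ("var", "$name")),                          # XSS
    ("assign", "$name", ("call", "htmlspecialchars", [("var", "$name")])),
    ("echo", "B", ("var", "$name")),                          # clean: same variable, later point
    ("echo", "C", ("call", "wrap", [("source", "$_GET['name']")])),  # XSS through the callee
    ("echo", "D", ("call", "wrap", [("lit", "anonymous")])),  # clean only with context sensitivity
    ("assign", "$clean", ("lit", "hello")),
    ("ref", "$alias", "$clean"),                              # $alias = &$clean
    ("assign", "$alias", ("source", "$_GET['q']")),
    ("echo", "E", ("var", "$clean")),                         # XSS, visible only via aliasing
]


def audit(context_sensitive=True, alias_aware=True):
    return Analyzer(FUNCS, context_sensitive, alias_aware).run(MAIN)
```

`audit()` with the defaults reports sinks A, C and E. Turning context sensitivity off merges the two call sites of `wrap` into one summary, so D is reported as well (a false positive of the kind that inflates the rate the abstract quotes); turning alias tracking off makes the write through `$alias` invisible to `$clean`, so E is missed (a false negative, which is why the abstract lists alias analysis under correctness, not just precision). Sanitisation at B is only recognised because the state is tracked per program point: a flow-insensitive analysis would keep `$name` tainted everywhere.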
Citations
Proceedings ArticleDOI
Experience: Model-Based, Feedback-Driven, Greybox Web Fuzzing with BackREST
François Gauthier,Behnaz Hassanshahi,Benjamin Selwyn-Smith,Trong Nhan Mai,Max Schlüter,Micah Williams +5 more
TL;DR: It is shown how techniques like state-aware crawling, type inference, coverage and taint analysis can be integrated with a black-box fuzzer to find more critical vulnerabilities, faster (speedups between 7.4× and 25.9×).
Journal ArticleDOI
Data Validation System For A Relational Database
Ledisi Giok Kabari,Barida Baah +1 more
TL;DR: This paper focuses on enhancing and elaborating on existing data validation methods like limits checks, character checks, range checks, presence checks, consistency checks, format or picture checks and data type checks, to improve the performance of application systems.
Journal ArticleDOI
Automated server-side model for recognition of security vulnerabilities in scripting languages
TL;DR: A new static analysis model is proposed designed to discover the security problems in scripting languages and managed to detect 94% of security vulnerabilities found in the testing benchmarks; this clearly indicates that the proposed model is able to provide an effective solution to complicated web systems.
Dissertation
On the need for a holistic view of code for static analysis and automatic correction of Web applications (original title: De la nécessité d'une vision holistique du code pour l'analyse statique et la correction automatique des Applications Web)
TL;DR: The authors start from the race for productivity in producing code under increasingly demanding quality control, and frame their work as a way of pushing back the limits observed in the field of software quality.
Proceedings ArticleDOI
A New Static Vulnerabilities Analysis Algorithm for PHP Codes
Xue-Xiong Yan,Hengtai Ma +1 more
TL;DR: This paper introduces the function-calling-control vulnerability, a new kind of taint-style vulnerability in PHP code that involves no sensitive function, and enriches the classical update rules for taint analysis with a new transfer-function definition used to handle statements containing a single function call.
References
Book
Compilers: Principles, Techniques, and Tools
TL;DR: This book discusses the design of a Code Generator, the role of the Lexical Analyzer, and other topics related to code generation and optimization.
Book
Advanced Compiler Design and Implementation
TL;DR: Steven S. Muchnick's textbook on the design and implementation of optimizing compilers, covering intermediate representations, dataflow analysis and code optimization.
Book
Principles of program analysis
TL;DR: This book is unique in providing an overview of the four major approaches to program analysis: data flow analysis, constraint-based analysis, abstract interpretation, and type and effect systems.
Proceedings ArticleDOI
Bugs as deviant behavior: a general approach to inferring errors in systems code
TL;DR: Six checkers are developed that extract beliefs by tailoring rule "templates" to a system --- for example, finding all functions that fit the rule template "a must be paired with b."
Proceedings ArticleDOI
Securing web application code by static analysis and runtime protection
TL;DR: A lattice-based static analysis algorithm derived from type systems and typestate is created, and its soundness is addressed, thus securing Web applications in the absence of user intervention and reducing potential runtime overhead by 98.4%.