Proceedings Article

Pixy: a static analysis tool for detecting Web application vulnerabilities

TL;DR
This paper uses flow-sensitive, interprocedural and context-sensitive dataflow analysis to discover vulnerable points in a program and applies it to the detection of vulnerability types such as SQL injection, cross-site scripting, or command injection.
Abstract
The number and the importance of Web applications have increased rapidly over the last few years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated solutions has become evident. In this paper, we address the problem of vulnerable Web applications by means of static source code analysis. More precisely, we use flow-sensitive, interprocedural and context-sensitive dataflow analysis to discover vulnerable points in a program. In addition, alias and literal analysis are employed to improve the correctness and precision of the results. The presented concepts are targeted at the general class of taint-style vulnerabilities and can be applied to the detection of vulnerability types such as SQL injection, cross-site scripting, or command injection. Pixy, the open source prototype implementation of our concepts, is targeted at detecting cross-site scripting vulnerabilities in PHP scripts. Using our tool, we discovered and reported 15 previously unknown vulnerabilities in three Web applications, and reconstructed 36 known vulnerabilities in three other Web applications. The observed false positive rate is around 50% (i.e., one false positive for each vulnerability) and is therefore low enough to permit effective security audits.


Citations
Journal Article

Automated Discovery of JavaScript Code Injection Attacks in PHP Web Applications

TL;DR: An automated detection system that scans the numerous possible injection points of web sites for JavaScript injection vulnerabilities and injects XSS attack vectors at those points.
Journal Article

ART4SQLi: The ART of SQL Injection Vulnerability Discovery

TL;DR: This paper approaches from a test case prioritization perspective to give a more effective SQLi discovery proposal, which is based on adaptive random testing with the aim to successfully trigger an SQLi within limited attempts, and can effectively improve the conventional random testing approach on three common benchmarks.
Book Chapter

SafeWeb: a middleware for securing ruby-based web applications

TL;DR: The design and implementation of SafeWeb is described, a Ruby-based middleware that associates data with security labels and transparently tracks their propagation at different granularities across a multi-tier web architecture with storage and complex event processing.
Journal Article

Checking enforcement of integrity constraints in database applications based on code patterns

TL;DR: This work proposes an approach for automatic detection of ICE violations at the application level based on identification of code patterns and demonstrates that it is feasible to effectively identify bugs or problematic code by mining code patterns in a specific domain/application area.
Journal Article

The approaches to quantify web application security scanners quality: A review

TL;DR: In this survey, the experimental methodologies and criteria that have been used to quantify web application security scanners' quality are classified and reviewed using the Preferred Reporting Items for Systematic Reviews and Meta-Analyses (PRISMA) protocol.