Title :
Design of automatic vulnerability detection system for Web application program
Author :
Binbin Qu ; Beihai Liang ; Sheng Jiang ; Ye Chutian
Author_Institution :
Sch. of Comput. Sci., Huazhong Univ. of Sci. & Technol., Wuhan, China
Abstract :
At present, Web application vulnerabilities are widespread because effective validation and filtering mechanisms for untrusted user data are lacking. This paper presents the design of a prototype system for detecting SQL injection and cross-site scripting vulnerabilities. Detection proceeds in the following main steps: construct a taint dependency graph for the program by static analysis of its source code; represent the possible values of each tainted string with a finite state automaton; verify whether the program applies effective safe handling to user input by matching those automata against attack patterns; and, on this basis, implement a prototype system for automatic vulnerability detection in Java Web programs based on taint dependency analysis. Experimental results show that the system detects the related vulnerabilities comprehensively and accurately.
Keywords :
Internet; Java; SQL; finite automata; graph theory; program compilers; Java Web program; SQL injection; Web application program; Web application vulnerability safety problems; attack pattern; automatic vulnerability detection system; cross site scripting vulnerability; dependency graph; filtering mechanism; finite state automata; source code; untrusted user data; validation mechanism; static analysis; taint dependency analysis; web application vulnerability;
Conference_Title :
Software Engineering and Service Science (ICSESS), 2013 4th IEEE International Conference on
Conference_Location :
Beijing
Print_ISBN :
978-1-4673-4997-0
DOI :
10.1109/ICSESS.2013.6615262