Abstract :
Web application security becomes a critical issue as more and more web applications appear and serve common life and business routines in recent years. It is known that web applications are vulnerable due to software defects. Open to public users, vulnerable websites may encounter lots of malicious attacks from the Internet. We present a new web service platform where system developers can detect, view and patch potential vulnerabilities of their web applications online. Taking advantage of static string analysis techniques, our analysis ensures that the patched programs are free from vulnerabilities with respect to given attack patterns. Specifically, we integrate the service front end with program visualization techniques, developing a 3D interface/presentation for users to access and view the analysis result under visualization environment with the aim of improving users´ comprehension on programs, especially how vulnerabilities get exploited and patched. We report our analysis result on several open source applications, finding and patching various unknown/known vulnerabilities.
Keywords :
Web services; Web sites; program diagnostics; program visualisation; public domain software; security of data; software maintenance; 3D interface development; 3D presentation development; Internet; Patcher; Web application security; Web application vulnerability detection; Web application vulnerability patching; Web application vulnerability viewing; Web service platform; Web sites; malicious attacks; online service; open source applications; program comprehension; program visualization techniques; service front end integration; software defects; static string analysis techniques; Automata; Mobile handsets; Reachability analysis; Security; Three-dimensional displays; Visualization; Web services; program comprehension; string analysis; visualization; web security;
