• DocumentCode
    3245071
  • Title

    The Vulnerability Analysis Framework for Java Bytecode

  • Author

    Hong, Tang ; Hua, Chen ; Gang, Zhao ; Qiang, Liu ; Jinjin, Zhao

  • Author_Institution
    Beijing Inst. of Syst. Eng., Beijing, China
  • fYear
    2009
  • fDate
    8-11 Dec. 2009
  • Firstpage
    896
  • Lastpage
    901
  • Abstract
    Since Java web applications are used widely in Internet today, the security of it becomes an outstanding problem. The attacks, including SQL injection attack, XSS attack, and etc, are great challenges for the Java application. This paper presents the vulnerability analysis framework to detect the security hole in the Java web applications. The framework combines the techniques of the static points-to dataflow analysis, the dynamical instrument and the fuzzing test. With the cooperation of these static and dynamical analysis techniques, it can improve the efficiency and accuracy of the analysis and lower the false positive rate.
  • Keywords
    Internet; Java; data flow analysis; security of data; Internet; Java bytecode; dynamical analysis; false positive rate; fuzzing test; security hole; static analysis; static points-to-dataflow analysis; vulnerability analysis; Application software; Data analysis; Data security; Information analysis; Internet; Java; Performance analysis; Programming profession; Systems engineering and theory; Testing; Java bytecode; analysis framework; vulnerability analysis;
  • fLanguage
    English
  • Publisher
    ieee
  • Conference_Titel
    Parallel and Distributed Systems (ICPADS), 2009 15th International Conference on
  • Conference_Location
    Shenzhen
  • ISSN
    1521-9097
  • Print_ISBN
    978-1-4244-5788-5
  • Type

    conf

  • DOI
    10.1109/ICPADS.2009.74
  • Filename
    5395315
    • Link To Document
    https://search.isc.ac/dl/search/defaultta.aspx?DTC=49&DC=3245071