• DocumentCode
    3274342
  • Title

    Design of automatic vulnerability detection system for Web application program

  • Author

    Binbin Qu ; Beihai Liang ; Sheng Jiang ; Ye Chutian

  • Author_Institution
    Sch. of Comput. Sci., Huazhong Univ. of Sci. & Technol., Wuhan, China
  • fYear
    2013
  • fDate
    23-25 May 2013
  • Firstpage
    89
  • Lastpage
    92
  • Abstract
    At present, Web application vulnerabilities are widespread because of the lack of effective validation and filtering mechanisms for untrusted user data. This paper presents the design of a prototype system for detecting SQL injection and cross-site scripting vulnerabilities. The main steps of the detection are as follows: construct the taint dependency graph for the program by static analysis of the source code; use finite state automata to represent the values of tainted strings; verify whether the program applies effective safe handling to user input by matching against attack patterns. A prototype system for automatic detection of vulnerabilities in Java Web programs, based on taint dependency analysis, is then implemented. The experimental results show that the system is comprehensive and accurate for the detection of related vulnerabilities.
  • Keywords
    Internet; Java; SQL; finite automata; graph theory; program compilers; Java Web program; SQL injection; Web application program; Web application vulnerability safety problems; attack pattern; automatic vulnerability detection system; cross site scripting vulnerability; dependency graph; filtering mechanism; finite state automata; source code; untrusted user data; validation mechanism; static analysis; taint dependency analysis; web application vulnerability;
  • fLanguage
    English
  • Publisher
    IEEE
  • Conference_Titel
    Software Engineering and Service Science (ICSESS), 2013 4th IEEE International Conference on
  • Conference_Location
    Beijing
  • ISSN
    2327-0586
  • Print_ISBN
    978-1-4673-4997-0
  • Type

    conf

  • DOI
    10.1109/ICSESS.2013.6615262
  • Filename
    6615262