Title :
Analysis of the effect of Java software faults on security vulnerabilities and their detection by commercial web vulnerability scanner tool
Author :
Basso, Tânia ; Fernandes, P.C.S. ; Jino, Mario ; Moraes, Regina
Author_Institution :
State Univ. of Campinas, Campinas, Brazil
fDate :
June 28 2010-July 1 2010
Abstract :
Most software systems developed nowadays are highly complex and subject to strict time constraints, and are often deployed with critical software faults. In many cases, these software faults are responsible for security vulnerabilities that attackers exploit. Automatic web vulnerability scanners can help to locate such vulnerabilities. The trustworthiness of the results these tools provide is important; hence, the relevance of their results must be assessed. We analyze the effect on security vulnerabilities of Java software faults injected into the source code of Web applications, and we assess how these faults affect the behavior of a commercial vulnerability scanner in order to validate the results it produces. Software fault injection techniques and attack tree models were used to support the experiments. The injected software faults influenced the application behavior and, consequently, the behavior of the scanner. A high percentage of undetected vulnerabilities, as well as of false positives, points out the limitations of the tool.
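A worked illustration of the two measurements the abstract rests on, added here and not taken from the paper: a simplified fault-injection operator that removes an input-validation `if` from a constructed Java servlet fragment (modelling a "missing if construct" fault; the servlet, the regex-based operator and the labels sqli/xss are assumptions, not the paper's fault set or tool), and a scoring function that compares a scanner's findings with the injected-fault ground truth to yield the undetected-vulnerability and false-positive rates the abstract refers to. The ground truth and scanner report are constructed sample data.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed Java servlet fragment (not from the paper). The one-line `if`
# guard is the input validation whose removal models a "missing if construct"
# software fault: without it, `id` flows unchecked into a concatenated query.
SERVLET_SRC = """\
String id = request.getParameter("id");
if (id == null || !id.matches("\\\\d+")) { throw new IllegalArgumentException("bad id"); }
String sql = "SELECT name FROM users WHERE id = " + id;
ResultSet rs = stmt.executeQuery(sql);
"""


def inject_missing_if(src: str, var: str) -> str:
    """Assumed fault operator (modelled on the 'missing if construct' fault
    type): drop every single-line `if (...) { ... }` whose condition mentions
    `var`. Returns the mutated source; all other lines are left untouched."""
    guard = re.compile(r"^\s*if\s*\(.*\b" + re.escape(var) + r"\b.*\)\s*\{.*\}\s*$")
    kept = [line for line in src.splitlines() if not guard.match(line)]
    return "\n".join(kept) + "\n"


@dataclass(frozen=True)
class Site:
    """One vulnerable location as a scanner reports it: endpoint, parameter
    and vulnerability class (the class labels "sqli"/"xss" are our own)."""
    endpoint: str
    param: str
    vuln: str


# Constructed ground truth: the sites that manual analysis (attack trees, in
# the paper's setup) established the injected faults actually expose.
GROUND_TRUTH: frozenset[Site] = frozenset({
    Site("/user", "id", "sqli"),
    Site("/search", "q", "xss"),
    Site("/login", "user", "sqli"),
})

# Constructed scanner report for the same mutated application.
SCANNER_REPORT: frozenset[Site] = frozenset({
    Site("/user", "id", "sqli"),      # true positive
    Site("/search", "q", "sqli"),     # wrong class: the real issue there is XSS
    Site("/profile", "name", "xss"),  # nothing was injected here: false positive
})


def score_scanner(truth: frozenset[Site], reported: frozenset[Site]) -> dict[str, float]:
    """Compare scanner findings with the injected-fault ground truth.
    `uncovered` counts vulnerabilities the scanner missed; `false_positives`
    counts findings with no matching injected fault. A finding with the wrong
    vulnerability class counts as both a miss and a false positive."""
    detected = truth & reported
    uncovered = truth - reported
    false_pos = reported - truth
    return {
        "detected": len(detected),
        "uncovered": len(uncovered),
        "false_positives": len(false_pos),
        "uncovered_rate": len(uncovered) / len(truth) if truth else 0.0,
        "false_positive_rate": len(false_pos) / len(reported) if reported else 0.0,
    }


if __name__ == "__main__":
    print(inject_missing_if(SERVLET_SRC, "id"))
    for name, value in score_scanner(GROUND_TRUTH, SCANNER_REPORT).items():
        print(f"{name}: {value}")
```

The operator only strips single-line guards, which keeps the mutation visible in a diff; a real campaign would apply a catalogue of fault types across many locations and record, per fault, whether it exposes a vulnerability at all, since faults that change behaviour without creating a vulnerability are exactly the ones that tempt a scanner into false positives.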
Keywords :
Internet; Java; security of data; software fault tolerance; Java software faults; commercial Web vulnerability scanner tool; security vulnerabilities; attack tree models; Application software; Computer hacking; Data security; Fault detection; Information security; Java; Software systems; Software tools; Testing; Time factors;
Conference_Titel :
Dependable Systems and Networks Workshops (DSN-W), 2010 International Conference on
Conference_Location :
Chicago, IL
Print_ISBN :
978-1-4244-7729-6
Electronic_ISBN :
978-1-4244-7728-9
DOI :
10.1109/DSNW.2010.5542602