STATIC CODE ANALYSIS TOOL WITH THE TAINT ANALYSIS METHOD FOR DETECTING WEB APPLICATION VULNERABILITY

STATIC CODE ANALYSIS TOOL WITH THE TAINT ANALYSIS METHOD FOR DETECTING WEB APPLICATION VULNERABILITY

Nowadays information technology is developing very fast. Along with rapid development, more and more people are interested in becoming a software engineer. But many software engineers are not aware of the quality of a code, especially for security aspects. A solution is needed to solve the problem,...

Full description

Saved in:
Bibliographic Details
Main Author: Fahrurrozi Maskur, Achmad
Format: Final Project
Language:Indonesia
Online Access:https://digilib.itb.ac.id/gdl/view/43805
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Institut Teknologi Bandung
Language: Indonesia
Description
Summary:Nowadays information technology is developing very fast. Along with rapid development, more and more people are interested in becoming a software engineer. But many software engineers are not aware of the quality of a code, especially for security aspects. A solution is needed to solve the problem, such as using automated code scanning technology or often called static code analysis. This final project formulated a problem statement that is how to minimize the occurrence of vulnerability by utilizing static code analysis technology. The purpose of this final project is to build a tool that functions to carry out static code analysis. Static code analysis is carried out using the Taint Analysis method, namely by identifying variables that are suspected of being dangerous (tainted), because they originate from user input. Then do a tracking of these variables to a dangerous function which is then called as sink. If the tainted variable enters the sink before filtering or sanitizing, it is considered as a vulnerability. Evaluation of the constructed tool showed satisfactory results in finding vulnerabilities. From the 20 open source projects listed on the official CVE website, 12 of them were found or as many as 60%. The type of vulnerability that can be found by the taint analysis method is injection type vulnerability. In addition, all the functional needs of tool have also been met.

Similar Items