STATIC CODE ANALYSIS TOOL WITH THE TAINT ANALYSIS METHOD FOR DETECTING WEB APPLICATION VULNERABILITY
Nowadays information technology is developing very fast. Along with this rapid development, more and more people are interested in becoming software engineers. But many software engineers are not aware of the quality of their code, especially its security aspects. A solution is needed to solve this problem, such as using automated code scanning technology, often called static code analysis. This final project formulated the problem statement of how to minimize the occurrence of vulnerabilities by utilizing static code analysis technology. The purpose of this final project is to build a tool that carries out static code analysis. Static code analysis is carried out using the taint analysis method, namely by identifying variables that are suspected of being dangerous (tainted) because they originate from user input. These variables are then tracked to a dangerous function, which is called a sink. If a tainted variable reaches a sink before being filtered or sanitized, it is considered a vulnerability. Evaluation of the constructed tool showed satisfactory results in finding vulnerabilities: of the 20 open source projects listed on the official CVE website, the vulnerabilities in 12 of them (60%) were found. The type of vulnerability that the taint analysis method can find is the injection type. In addition, all the functional requirements of the tool have also been met.

Saved in:

Main Author: | Fahrurrozi Maskur, Achmad |
---|---|
Format: | Final Project |
Language: | Indonesia |
Keywords: | static code analysis, taint analysis, web vulnerability |
Institution: | Institut Teknologi Bandung |
Collection: | Digital ITB (Institut Teknologi Bandung Library) |
Record ID: | id-itb.:43805 |
Record date: | 2019-09-30 |
Online Access: | https://digilib.itb.ac.id/gdl/view/43805 |