DEVELOPMENT OF MULTI-LANGUAGE SOURCE CODE ANALYSIS TOOL TO IDENTIFY SQL INJECTION USING CONTROL-FLOW GRAPH
Static analysis tools are a type of tool developed to facilitate analysis of source code in order to find errors, bugs and vulnerabilities. Weakness vulnerabilities are things that need to be identified quickly because they can be exploited. One of the most commonly known vulnerabilities is SQL I...
Saved in:
| Main Author: | |
|---|---|
| Format: | Final Project |
| Language: | Indonesia |
| Online Access: | https://digilib.itb.ac.id/gdl/view/51509 |
| Tags: |
Add Tag
No Tags, Be the first to tag this record!
|
| Institution: | Institut Teknologi Bandung |
| Language: | Indonesia |
| Summary: | Static analysis tools are a type of tool developed to facilitate analysis of source code in order
to find errors, bugs and vulnerabilities. Weakness vulnerabilities are things that need to be
identified quickly because they can be exploited. One of the most commonly known
vulnerabilities is SQL Injection. This vulnerability can also be found in various languages such
as PHP and Python because SQL can be applied in these languages.
In this final project, a static analysis tool was developed to detect SQL Injection vulnerabilities
in some source code (PHP and Python) using Control-Flow Graph (CFG) as intermediate
representation. There is knowledge that is applied to these intermediate representations so that
tools are able to detect SQL injection vulnerabilities. Furthermore, a tool is built and tested
against eight test case scenarios and compared with a reference static analysis tool to see the
performance achieved. The test results showed that the tool was successful in analyzing 6 of
the 8 test scenarios. The test results also show the limitations of the static analysis tools with
the representation of CFG.
|
|---|