DEVELOPMENT OF MULTI-LANGUAGE SOURCE CODE ANALYSIS TOOL TO IDENTIFY SQL INJECTION USING CONTROL-FLOW GRAPH
Static analysis tools are developed to facilitate the analysis of source code in order to find errors, bugs and vulnerabilities. Security weaknesses need to be identified quickly because they can be exploited. One of the most commonly known vulnerabilities is SQL I...
Main Author: | Abraham Reyuko, Tanor |
---|---|
Format: | Final Project |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/51509 |
Institution: | Institut Teknologi Bandung |
id |
id-itb.:51509 |
---|---|
spelling |
id-itb.:51509 2020-09-29T07:40:34Z analysis tool, CFG, security vulnerability, multilanguage, SQL Injection |
institution |
Institut Teknologi Bandung |
building |
Institut Teknologi Bandung Library |
continent |
Asia |
country |
Indonesia |
content_provider |
Institut Teknologi Bandung |
collection |
Digital ITB |
language |
Indonesia |
description |
Static analysis tools are developed to facilitate the analysis of source code in order to find
errors, bugs and vulnerabilities. Security weaknesses need to be identified quickly because
they can be exploited. One of the most commonly known vulnerabilities is SQL Injection.
This vulnerability can be found in various languages such as PHP and Python because SQL
can be used from these languages.
In this final project, a static analysis tool was developed to detect SQL Injection vulnerabilities
in PHP and Python source code using a Control-Flow Graph (CFG) as the intermediate
representation. Knowledge is applied to this intermediate representation so that the tool is
able to detect SQL Injection vulnerabilities. The tool was then built, tested against eight
test case scenarios, and compared with a reference static analysis tool to assess the
performance achieved. The test results showed that the tool was successful in analyzing 6 of
the 8 test scenarios. The test results also show the limitations of static analysis tools that
use a CFG representation.
|
format |
Final Project |
author |
Abraham Reyuko, Tanor |
title |
DEVELOPMENT OF MULTI-LANGUAGE SOURCE CODE ANALYSIS TOOL TO IDENTIFY SQL INJECTION USING CONTROL-FLOW GRAPH |