DEVELOPMENT OF INJECTION VULNERABILITY DETECTION IN STATIC ANALYSIS TOOL FOR MULTI-PROGRAMMING LANGUAGE
In the software development process, vulnerabilities often emerge predominantly during the implementation phase. However, these vulnerabilities are frequently only identified when testing takes place. The longer it takes to detect vulnerabilities, the greater their potential impact becomes, both...
Main Author: | Nail Wibowo, Fakhri |
---|---|
Format: | Final Project |
Language: | Indonesia |
Online Access: | https://digilib.itb.ac.id/gdl/view/76889 |
Institution: | Institut Teknologi Bandung |
id |
id-itb.:76889 |
---|---|
spelling |
id-itb.:76889; 2023-08-21T07:43:29Z; DEVELOPMENT OF INJECTION VULNERABILITY DETECTION IN STATIC ANALYSIS TOOL FOR MULTI-PROGRAMMING LANGUAGE; Nail Wibowo, Fakhri; Indonesia; Final Project; static analysis, abstract syntax tree, data flow graph, taint analysis; INSTITUT TEKNOLOGI BANDUNG; https://digilib.itb.ac.id/gdl/view/76889; text |
institution |
Institut Teknologi Bandung |
building |
Institut Teknologi Bandung Library |
continent |
Asia |
country |
Indonesia |
content_provider |
Institut Teknologi Bandung |
collection |
Digital ITB |
language |
Indonesia |
description |
In the software development process, vulnerabilities often emerge predominantly
during the implementation phase. However, these vulnerabilities are frequently
only identified when testing takes place. The longer it takes to detect
vulnerabilities, the greater their potential impact becomes, both from a business
and technological perspective. Hence, code reviews are commonly employed as a
form of static analysis to swiftly capture vulnerabilities and errors.
Nevertheless, in some cases, code review alone falls short, necessitating the
assistance of automated static analysis methods using specialized tools. With such
tools, developers can perform static analysis more rapidly and comprehensively,
thereby significantly increasing the likelihood of promptly identifying
vulnerabilities.
This research aims to develop a static analysis tool focusing on the detection of
injection vulnerabilities across four programming languages: Python, PHP, Java,
and JavaScript. The chosen approach involves employing abstract syntax trees
(AST) and data flow graphs (DFG) generated from source code as intermediate
representations and performing taint analysis to uncover vulnerabilities within
these representations.
Upon evaluating the tool's performance, it is revealed that the tool built upon the
AST and DFG intermediate representations effectively detects injection
vulnerabilities. The evaluation also uncovers the causes behind false positives and
false negatives, accompanied by recommendations for mitigating these
occurrences. |
format |
Final Project |
author |
Nail Wibowo, Fakhri |
title |
DEVELOPMENT OF INJECTION VULNERABILITY DETECTION IN STATIC ANALYSIS TOOL FOR MULTI-PROGRAMMING LANGUAGE |
url |
https://digilib.itb.ac.id/gdl/view/76889 |
_version_ |
1822995106738733056 |