An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving

An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving

Malicious users can attack Web applications by exploiting injection vulnerabilities in the source code. This work addresses the challenge of detecting injection vulnerabilities in the server-side code of Java Web applications in a scalable and effective way. We propose an integrated approach that se...

Full description

Saved in:

Bibliographic Details
Main Authors:	Thome, Julian, Shar, Lwin Khin, Bianculli, Domenico, Briand, Lionel
Other Authors:	School of Computer Science and Engineering
Format:	Article
Language:	English
Published:	2021
Subjects:	Engineering::Computer science and engineering Security Benchmark Testing
Online Access:	https://hdl.handle.net/10356/154605
Tags:	Add Tag No Tags, Be the first to tag this record!
Institution:	Nanyang Technological University
Language:	English

Similar Items

An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving
by: THOME, Julian, et al.
Published: (2018)

Security slicing for auditing common injection vulnerabilities
by: THOME, Julian, et al.
Published: (2017)

Search-driven string constraint solving for vulnerability detection
by: THOME, Julian, et al.
Published: (2017)

Security slicing for auditing XML, XPath, and SQL injection vulnerabilities
by: THOME, Julian, et al.
Published: (2015)

JoanAudit: A tool for auditing common injection vulnerabilities
by: THOME, Julian, et al.
Published: (2017)

Automated reverse engineering of role-based access control policies of web applications
by: LE, Ha Thanh, et al.
Published: (2022)

Web application vulnerability prediction using hybrid program analysis and machine learning
by: SHAR, Lwin Khin, et al.
Published: (2014)

Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis
by: SHAR, Lwin Khin, et al.
Published: (2013)

Security analysis of permission re-delegation vulnerabilities in Android apps
by: DEMISSIE, Biniam Fisseha, et al.
Published: (2020)

Security analysis of permission re-delegation vulnerabilities in Android apps
by: DEMISSIE, Biniam Fisseha, et al.
Published: (2020)

Mitigating SQL injection and cross site scripting vulnerabilities using program analysis and data mining techniques
by: Shar, Lwin Khin
Published: (2013)

Automated removal of cross site scripting vulnerabilities in web applications
by: Shar, Lwin Khin, et al.
Published: (2013)

Automated removal of cross site scripting vulnerabilities in web applications
by: SHAR, Lwin Khin, et al.
Published: (2011)

Comparison and evaluation on Static Application Security Testing (SAST) tools for Java
by: LI, Kaixuan, et al.
Published: (2023)

Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
by: Shar, Lwin Khin, et al.
Published: (2013)

Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
by: SHAR, Lwin Khin, et al.
Published: (2012)

Predicting SQL injection and cross site scripting vulnerabilities through mining input sanitization patterns
by: SHAR, Lwin Khin, et al.
Published: (2013)

Predicting common web application vulnerabilities from input validation and sanitization code patterns
by: Shar, Lwin Khin, et al.
Published: (2013)

Predicting common web application vulnerabilities from input validation and sanitization code patterns
by: SHAR, Lwin Khin, et al.
Published: (2012)

Mining patterns of unsatisfiable constraints to detect infeasible paths
by: DING, Sun, et al.
Published: (2015)

Active fuzzing for testing and securing cyber-physical systems
by: CHEN, Yuqi, et al.
Published: (2020)

Rapid prototyping and manufacturing benchmarking
by: MANI MAHESH
Published: (2010)

Semi-automated verification of defense against SQL injection in web applications
by: Liu, Kaiping, et al.
Published: (2013)

Semi-automated verification of defense against SQL injection in web applications
by: LIU, Kaiping, et al.
Published: (2012)

Modeling security and privacy requirements: A use case-driven approach
by: MAI, Phu Xuan, et al.
Published: (2018)

Type and interval aware array constraint solving for symbolic execution
by: SHUAI, Ziqi, et al.
Published: (2021)

Security and vulnerability analysis of web applications
by: Le, Ha Thanh
Published: (2011)

Security and Performance Analysis for RFID Protocols
by: LIANG, Bing
Published: (2010)

Benchmarking for decision making in rapid prototyping systems
by: Mahesh, M., et al.
Published: (2014)

Investigating vulnerabilities and security issues in Web Apps
by: Seah, Derek.
Published: (2009)

XSS for the masses: Integrating security in a web programming course using a security scanner
by: SHAR, Lwin Khin, et al.
Published: (2022)

Formulating strategies for improving the educational management of Nursing Colleges under the jurisdiction of the Ministry of Public Health : benchmarking approach
by: Konkanok Lattanand
Published: (2023)

Defeating SQL injection
by: SHAR, Lwin Khin, et al.
Published: (2012)

Learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing
by: WU, Bozhi, et al.
Published: (2023)

Some observations on SSME academic programs based on the CDIO approach
by: Nguyễn, Thanh Tùng, et al.
Published: (2020)

BENCHMARKING CONDOMINIUM FINANCIAL PERFORMANCE
by: PECK LAY BOON
Published: (2021)

Security auditing of web security vulnerabilities using program analysis : mobile application recommendation
by: Yong, Chen Feng
Published: (2019)

Learning to iteratively solve routing problems with dual-aspect collaborative transformer
by: MA, Yining, et al.
Published: (2021)

Towards a hybrid framework for detecting input manipulation vulnerabilities
by: DING, Sun, et al.
Published: (2013)

Auditing the XSS defence features implemented in web application programs
by: Shar, Lwin Khin, et al.
Published: (2013)