Predicting common web application vulnerabilities from input validation and sanitization code patterns

Software defect prediction studies have shown that defect predictors built from static code attributes are useful and effective. On the other hand, to mitigate the threats posed by common web application vulnerabilities, many vulnerability detection approaches have been proposed. However, finding alternative solutions to address these risks remains an important research problem. As web applications generally adopt input validation and sanitization routines to prevent web security risks, in this paper, we propose a set of static code attributes that represent the characteristics of these routines for predicting the two most common web application vulnerabilities—SQL injection and cross site scripting. In our experiments, vulnerability predictors built from the proposed attributes detected more than 80% of the vulnerabilities in the test subjects at low false alarm rates.

Bibliographic Details
Main Authors: Shar, Lwin Khin; Tan, Hee Beng Kuan
Other Authors: School of Electrical and Electronic Engineering
Format: Conference or Workshop Item (Conference Paper)
Language: English
Published: 2013
Conference: International Conference on Automated Software Engineering (27th : 2012 : Essen, Germany)
Subjects: DRNTU::Engineering::Electrical and electronic engineering
Institution: Nanyang Technological University
Online Access: https://hdl.handle.net/10356/97511
http://hdl.handle.net/10220/11832
DOI: 10.1145/2351676.2351733
Citation: Shar, L. K., & Tan, H. B. K. (2012). Predicting common web application vulnerabilities from input validation and sanitization code patterns. Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering - ASE 2012.
Rights: © 2012 ACM.