Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities

Static code attributes such as lines of code and cyclomatic complexity have been shown to be useful indicators of defects in software modules. As web applications adopt input sanitization routines to prevent web security risks, static code attributes that represent the characteristics of these routi...

Full description

Saved in:
Bibliographic Details
Main Authors: Shar, Lwin Khin, Tan, Hee Beng Kuan
Other Authors: School of Electrical and Electronic Engineering
Format: Conference or Workshop Item
Language:English
Published: 2013
Subjects:
Online Access:https://hdl.handle.net/10356/99523
http://hdl.handle.net/10220/12857
Tags: Add Tag
No Tags, Be the first to tag this record!
Institution: Nanyang Technological University
Language: English
id sg-ntu-dr.10356-99523
record_format dspace
spelling sg-ntu-dr.10356-995232020-03-07T13:24:49Z Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities Shar, Lwin Khin Tan, Hee Beng Kuan School of Electrical and Electronic Engineering International Conference on Software Engineering (34th : 2012 : Zurich, Switzerland) DRNTU::Engineering::Electrical and electronic engineering Static code attributes such as lines of code and cyclomatic complexity have been shown to be useful indicators of defects in software modules. As web applications adopt input sanitization routines to prevent web security risks, static code attributes that represent the characteristics of these routines may be useful for predicting web application vulnerabilities. In this paper, we classify various input sanitization methods into different types and propose a set of static code attributes that represent these types. Then we use data mining methods to predict SQL injection and cross site scripting vulnerabilities in web applications. Preliminary experiments show that our proposed attributes are important indicators of such vulnerabilities. 2013-08-02T03:36:37Z 2019-12-06T20:08:21Z 2013-08-02T03:36:37Z 2019-12-06T20:08:21Z 2012 2012 Conference Paper https://hdl.handle.net/10356/99523 http://hdl.handle.net/10220/12857 10.1109/ICSE.2012.6227096 en
institution Nanyang Technological University
building NTU Library
country Singapore
collection DR-NTU
language English
topic DRNTU::Engineering::Electrical and electronic engineering
spellingShingle DRNTU::Engineering::Electrical and electronic engineering
Shar, Lwin Khin
Tan, Hee Beng Kuan
Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
description Static code attributes such as lines of code and cyclomatic complexity have been shown to be useful indicators of defects in software modules. As web applications adopt input sanitization routines to prevent web security risks, static code attributes that represent the characteristics of these routines may be useful for predicting web application vulnerabilities. In this paper, we classify various input sanitization methods into different types and propose a set of static code attributes that represent these types. Then we use data mining methods to predict SQL injection and cross site scripting vulnerabilities in web applications. Preliminary experiments show that our proposed attributes are important indicators of such vulnerabilities.
author2 School of Electrical and Electronic Engineering
author_facet School of Electrical and Electronic Engineering
Shar, Lwin Khin
Tan, Hee Beng Kuan
format Conference or Workshop Item
author Shar, Lwin Khin
Tan, Hee Beng Kuan
author_sort Shar, Lwin Khin
title Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
title_short Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
title_full Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
title_fullStr Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
title_full_unstemmed Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
title_sort mining input sanitization patterns for predicting sql injection and cross site scripting vulnerabilities
publishDate 2013
url https://hdl.handle.net/10356/99523
http://hdl.handle.net/10220/12857
_version_ 1681036191330205696