Predicting common web application vulnerabilities from input validation and sanitization code patterns
Software defect prediction studies have shown that defect predictors built from static code attributes are useful and effective. On the other hand, to mitigate the threats posed by common web application vulnerabilities, many vulnerability detection approaches have been proposed. However, finding alternative solutions to address these risks remains an important research problem. As web applications generally adopt input validation and sanitization routines to prevent web security risks, in this paper, we propose a set of static code attributes that represent the characteristics of these routines for predicting the two most common web application vulnerabilities—SQL injection and cross site scripting. In our experiments, vulnerability predictors built from the proposed attributes detected more than 80% of the vulnerabilities in the test subjects at low false alarm rates.

| Field | Value |
|---|---|
| Main Authors | SHAR, Lwin Khin; TAN, Hee Beng Kuan |
| Format | text |
| Language | English |
| Published | Institutional Knowledge at Singapore Management University, 2012 |
| Subjects | Defect prediction; static code attributes; web application vulnerabilities; input validation and sanitization; empirical study; Information Security; Software Engineering |
| Online Access | https://ink.library.smu.edu.sg/sis_research/4678 ; https://ink.library.smu.edu.sg/context/sis_research/article/5681/viewcontent/Predicting_Common_Web_App_Vunerabilities_2012.pdf |
| Institution | Singapore Management University |
Record details:

| Field | Value |
|---|---|
| Record ID | sg-smu-ink.sis_research-5681 |
| Publication date | 2012-09-07 |
| DOI | 10.1145/2351676.2351733 |
| License | http://creativecommons.org/licenses/by-nc-nd/4.0/ |
| Collection | Research Collection School Of Computing and Information Systems (InK@SMU, SMU Libraries) |