Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
Static code attributes such as lines of code and cyclomatic complexity have been shown to be useful indicators of defects in software modules. As web applications adopt input sanitization routines to prevent web security risks, static code attributes that represent the characteristics of these routi...
Main Authors: | SHAR, Lwin Khin; TAN, Hee Beng Kuan |
---|---|
Format: | text |
Language: | English |
Published: | Institutional Knowledge at Singapore Management University, 2012 |
Subjects: | |
Online Access: | https://ink.library.smu.edu.sg/sis_research/4679 https://ink.library.smu.edu.sg/context/sis_research/article/5682/viewcontent/Mining_input_sanitization_patterns_for_predicting_SQL_injection_and_cross_site_scripting_vulnerabilities_icse12.pdf |
Institution: | Singapore Management University |
Language: | English |
id |
sg-smu-ink.sis_research-5682 |
---|---|
record_format |
dspace |
spelling |
sg-smu-ink.sis_research-56822020-02-19T12:26:44Z Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities SHAR, Lwin Khin TAN, Hee Beng Kuan Static code attributes such as lines of code and cyclomatic complexity have been shown to be useful indicators of defects in software modules. As web applications adopt input sanitization routines to prevent web security risks, static code attributes that represent the characteristics of these routines may be useful for predicting web application vulnerabilities. In this paper, we classify various input sanitization methods into different types and propose a set of static code attributes that represent these types. Then we use data mining methods to predict SQL injection and cross site scripting vulnerabilities in web applications. Preliminary experiments show that our proposed attributes are important indicators of such vulnerabilities 2012-06-09T07:00:00Z text application/pdf https://ink.library.smu.edu.sg/sis_research/4679 info:doi/10.1109/ICSE.2012.6227096 https://ink.library.smu.edu.sg/context/sis_research/article/5682/viewcontent/Mining_input_sanitization_patterns_for_predicting_SQL_injection_and_cross_site_scripting_vulnerabilities_icse12.pdf http://creativecommons.org/licenses/by-nc-nd/4.0/ Research Collection School Of Computing and Information Systems eng Institutional Knowledge at Singapore Management University defect prediction data mining static code attributes web security vulnerabilities input sanitization Information Security Software Engineering |
institution |
Singapore Management University |
building |
SMU Libraries |
continent |
Asia |
country |
Singapore Singapore |
content_provider |
SMU Libraries |
collection |
InK@SMU |
language |
English |
topic |
defect prediction data mining static code attributes web security vulnerabilities input sanitization Information Security Software Engineering |
description |
Static code attributes such as lines of code and cyclomatic complexity have been shown to be useful indicators of defects in software modules. As web applications adopt input sanitization routines to prevent web security risks, static code attributes that represent the characteristics of these routines may be useful for predicting web application vulnerabilities. In this paper, we classify various input sanitization methods into different types and propose a set of static code attributes that represent these types. Then we use data mining methods to predict SQL injection and cross site scripting vulnerabilities in web applications. Preliminary experiments show that our proposed attributes are important indicators of such vulnerabilities. |
format |
text |
author |
SHAR, Lwin Khin TAN, Hee Beng Kuan |
title |
Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities |
publisher |
Institutional Knowledge at Singapore Management University |
publishDate |
2012 |
url |
https://ink.library.smu.edu.sg/sis_research/4679 https://ink.library.smu.edu.sg/context/sis_research/article/5682/viewcontent/Mining_input_sanitization_patterns_for_predicting_SQL_injection_and_cross_site_scripting_vulnerabilities_icse12.pdf |