Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities

Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities

Static code attributes such as lines of code and cyclomatic complexity have been shown to be useful indicators of defects in software modules. As web applications adopt input sanitization routines to prevent web security risks, static code attributes that represent the characteristics of these routi...

Full description

Saved in:

Bibliographic Details
Main Authors:	SHAR, Lwin Khin, TAN, Hee Beng Kuan
Format:	text
Language:	English
Published:	Institutional Knowledge at Singapore Management University 2012
Subjects:	defect prediction data mining static code attributes web security vulnerabilities input sanitization Information Security Software Engineering
Online Access:	https://ink.library.smu.edu.sg/sis_research/4679 https://ink.library.smu.edu.sg/context/sis_research/article/5682/viewcontent/Mining_input_sanitization_patterns_for_predicting_SQL_injection_and_cross_site_scripting_vulnerabilities_icse12.pdf
Tags:	Add Tag No Tags, Be the first to tag this record!
Institution:	Singapore Management University
Language:	English

Similar Items

Predicting SQL injection and cross site scripting vulnerabilities through mining input sanitization patterns
by: SHAR, Lwin Khin, et al.
Published: (2013)

Predicting common web application vulnerabilities from input validation and sanitization code patterns
by: SHAR, Lwin Khin, et al.
Published: (2012)

Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis
by: SHAR, Lwin Khin, et al.
Published: (2013)

Security slicing for auditing XML, XPath, and SQL injection vulnerabilities
by: THOME, Julian, et al.
Published: (2015)

Semi-automated verification of defense against SQL injection in web applications
by: LIU, Kaiping, et al.
Published: (2012)

Towards a hybrid framework for detecting input manipulation vulnerabilities
by: DING, Sun, et al.
Published: (2013)

Web application vulnerability prediction using hybrid program analysis and machine learning
by: SHAR, Lwin Khin, et al.
Published: (2014)

Automated removal of cross site scripting vulnerabilities in web applications
by: SHAR, Lwin Khin, et al.
Published: (2011)

Defending against cross site scripting attacks
by: SHAR, Lwin Khin, et al.
Published: (2011)

Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
by: Shar, Lwin Khin, et al.
Published: (2013)

Security slicing for auditing common injection vulnerabilities
by: THOME, Julian, et al.
Published: (2017)

Defeating SQL injection
by: SHAR, Lwin Khin, et al.
Published: (2012)

Auditing the defense against cross site scripting in web applications
by: SHAR, Lwin Khin, et al.
Published: (2010)

JoanAudit: A tool for auditing common injection vulnerabilities
by: THOME, Julian, et al.
Published: (2017)

An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving
by: THOME, Julian, et al.
Published: (2018)

An empirical study of blockchain system vulnerabilities: modules, types, and patterns
by: YI, Xiao, et al.
Published: (2022)

Predicting common web application vulnerabilities from input validation and sanitization code patterns
by: Shar, Lwin Khin, et al.
Published: (2013)

On-the-fly Android static analysis with applications in vulnerability discovery
by: WU, Daoyuan
Published: (2019)

Mitigating SQL injection and cross site scripting vulnerabilities using program analysis and data mining techniques
by: Shar, Lwin Khin
Published: (2013)

SoFi: Reflection-augmented fuzzing for JavaScript engines
by: HE, Xiaoyu, et al.
Published: (2021)

Automated removal of cross site scripting vulnerabilities in web applications
by: Shar, Lwin Khin, et al.
Published: (2013)

Enhancing code vulnerability detection via vulnerability-preserving data augmentation
by: LIU, Shangqing, et al.
Published: (2024)

Protecting sensitive web content from client-side vulnerabilities with CRYPTONS
by: Dong, X., et al.
Published: (2014)

Towards understanding Android system vulnerabilities: Techniques and insights
by: WU, Daoyuan, et al.
Published: (2019)

Vulnerability analysis of EMAP: An efficient RFID mutual authentication protocol
by: LI, Tieyan, et al.
Published: (2007)

VulCurator: a vulnerability-fixing commit detector
by: NGUYEN, Truong Giang, et al.
Published: (2022)

Mining patterns of unsatisfiable constraints to detect infeasible paths
by: DING, Sun, et al.
Published: (2015)

ANALYSIS ON LARGE LANGUAGE MODEL VULNERABLE CODE GENERATION AND SELF-REPAIR ABILITY
by: KIM SUNG YONG
Published: (2024)

Towards practical binary code similarity detection: vulnerability verification via patch semantic analysis
by: Yang, Shouguo, et al.
Published: (2024)

CoLeFunDa: Explainable silent vulnerability fix identification
by: ZHOU, Jiayuan, et al.
Published: (2023)

Incremental neural network training with an increasing input dimension
by: Guan, S.-U., et al.
Published: (2014)

XSS for the masses: Integrating security in a web programming course using a security scanner
by: SHAR, Lwin Khin, et al.
Published: (2022)

Multi-Granularity Detector for Vulnerability Fixes
by: NGUYEN, Truong Giang, et al.
Published: (2023)

Combining Software Metrics and Text Features for Vulnerable File Prediction
by: ZHANG, Yun, et al.
Published: (2015)

Diarrheal disease, sanitation, and culture in India
by: Mohanty, Aatishya, et al.
Published: (2023)

Defending against cross-site scripting attacks
by: Shar, Lwin Khin, et al.
Published: (2013)

Search-driven string constraint solving for vulnerability detection
by: THOME, Julian, et al.
Published: (2017)

Learning program semantics for vulnerability detection via vulnerability-specific inter-procedural slicing
by: WU, Bozhi, et al.
Published: (2023)

Techniques for identifying mobile platform vulnerabilities and detecting policy-violating applications
by: SU, Mon Kywe
Published: (2016)

Semi-automated verification of defense against SQL injection in web applications
by: Liu, Kaiping, et al.
Published: (2013)