JoanAudit: A tool for auditing common injection vulnerabilities

JoanAudit is a static analysis tool to assist security auditors in auditing Web applications and Web services for common injection vulnerabilities during software development. It automatically identifies parts of the program code that are relevant for security and generates an HTML report to guide security auditors audit the source code in a scalable way. JoanAudit is configured with various security-sensitive input sources and sinks relevant to injection vulnerabilities and standard sanitization procedures that prevent these vulnerabilities. It can also automatically fix some cases of vulnerabilities in source code — cases where inputs are directly used in sinks without any form of sanitization — by using standard sanitization procedures. Our evaluation shows that by using JoanAudit, security auditors are required to inspect only 1% of the total code for auditing common injection vulnerabilities. The screen-cast demo is available at https://github.com/julianthome/joanaudit.

| Field | Value |
|---|---|
| Main Authors | THOME, Julian; SHAR, Lwin Khin; BIANCULLI, Domenico; BRIAND, Lionel |
| Format | text (application/pdf) |
| Language | English |
| Published | Institutional Knowledge at Singapore Management University, 2017 |
| Publish Date | 2017-09-08 |
| DOI | 10.1145/3106237.3122822 |
| Subjects | Security auditing; static analysis; vulnerability; automated code fixing; Programming Languages and Compilers; Software Engineering |
| Online Access | https://ink.library.smu.edu.sg/sis_research/4776 ; https://ink.library.smu.edu.sg/context/sis_research/article/5779/viewcontent/JoanAudit_esec_fse2017_demo.pdf |
| License | http://creativecommons.org/licenses/by-nc-nd/4.0/ |
| Institution | Singapore Management University |
| Building | SMU Libraries |
| Country | Singapore |
| Collection | InK@SMU, Research Collection School Of Computing and Information Systems |
| Record ID | sg-smu-ink.sis_research-5779 |