Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis

Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis

In previous work, we proposed a set of static attributes that characterize input validation and input sanitization code patterns. We showed that some of the proposed static attributes are significant predictors of SQL injection and cross site scripting vulnerabilities. Static attributes have the adv...

Full description

Saved in:

Bibliographic Details
Main Authors:	SHAR, Lwin Khin, TAN, Hee Beng Kuan, BRIAND, Lionel C.
Format:	text
Language:	English
Published:	Institutional Knowledge at Singapore Management University 2013
Subjects:	Defect prediction vulnerability input validation and sanitization static and dynamic analysis empirical study Software Engineering
Online Access:	https://ink.library.smu.edu.sg/sis_research/4781 https://ink.library.smu.edu.sg/context/sis_research/article/5784/viewcontent/Mining_SQL_Injection_and_Cross_Site_Scripting_Vulnerabilities_using_Hybrid_Program_Analysis_ICSE13.pdf
Tags:	Add Tag No Tags, Be the first to tag this record!
Institution:	Singapore Management University
Language:	English

Similar Items

Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
by: SHAR, Lwin Khin, et al.
Published: (2012)

Predicting SQL injection and cross site scripting vulnerabilities through mining input sanitization patterns
by: SHAR, Lwin Khin, et al.
Published: (2013)

Predicting common web application vulnerabilities from input validation and sanitization code patterns
by: SHAR, Lwin Khin, et al.
Published: (2012)

Web application vulnerability prediction using hybrid program analysis and machine learning
by: SHAR, Lwin Khin, et al.
Published: (2014)

Security slicing for auditing XML, XPath, and SQL injection vulnerabilities
by: THOME, Julian, et al.
Published: (2015)

Auditing the defense against cross site scripting in web applications
by: SHAR, Lwin Khin, et al.
Published: (2010)

Security slicing for auditing common injection vulnerabilities
by: THOME, Julian, et al.
Published: (2017)

Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
by: Shar, Lwin Khin, et al.
Published: (2013)

Towards a hybrid framework for detecting input manipulation vulnerabilities
by: DING, Sun, et al.
Published: (2013)

Semi-automated verification of defense against SQL injection in web applications
by: LIU, Kaiping, et al.
Published: (2012)

JoanAudit: A tool for auditing common injection vulnerabilities
by: THOME, Julian, et al.
Published: (2017)

An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving
by: THOME, Julian, et al.
Published: (2018)

Mitigating SQL injection and cross site scripting vulnerabilities using program analysis and data mining techniques
by: Shar, Lwin Khin
Published: (2013)

Automated removal of cross site scripting vulnerabilities in web applications
by: SHAR, Lwin Khin, et al.
Published: (2011)

Defeating SQL injection
by: SHAR, Lwin Khin, et al.
Published: (2012)

Defending against cross site scripting attacks
by: SHAR, Lwin Khin, et al.
Published: (2011)

Search-driven string constraint solving for vulnerability detection
by: THOME, Julian, et al.
Published: (2017)

Automated removal of cross site scripting vulnerabilities in web applications
by: Shar, Lwin Khin, et al.
Published: (2013)

Semi-automated verification of defense against SQL injection in web applications
by: Liu, Kaiping, et al.
Published: (2013)

Mining patterns of unsatisfiable constraints to detect infeasible paths
by: DING, Sun, et al.
Published: (2015)

Towards practical binary code similarity detection: vulnerability verification via patch semantic analysis
by: Yang, Shouguo, et al.
Published: (2024)

On-the-fly Android static analysis with applications in vulnerability discovery
by: WU, Daoyuan
Published: (2019)

Defending against cross-site scripting attacks
by: Shar, Lwin Khin, et al.
Published: (2013)

An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving
by: Thome, Julian, et al.
Published: (2021)

Test and Validation of Building Energy Simulation Tools
by: ZHANG XIANGJING
Published: (2012)

Just-in-time defect prediction on JavaScript projects: A replication study
by: NI, Chao, et al.
Published: (2022)

A model for multi-criterion disaster vulnerability assessment of economic systems: Implications for Vietnam's bioethanol policy
by: Yu, Krista Danielle S., et al.
Published: (2016)

UCRF: static analyzing firmware to generate under-constrained seed for fuzzing SOHO router
by: Qin, Chuan, et al.
Published: (2023)

Predicting common web application vulnerabilities from input validation and sanitization code patterns
by: Shar, Lwin Khin, et al.
Published: (2013)

Out of sight, out of mind? How vulnerable dependencies affect open-source projects
by: PRANA, Gede Artha Azriadi, et al.
Published: (2021)

SoFi: Reflection-augmented fuzzing for JavaScript engines
by: HE, Xiaoyu, et al.
Published: (2021)

Automatic vulnerability detection and repair
by: MA, Siqi
Published: (2018)

A closer look at the security risks in the Rust ecosystem
by: ZHENG, Xiaoye, et al.
Published: (2023)

Finding real world software vulnerabilities using ChatGPT
by: Wong, Sean Chun Foh
Published: (2024)

Comparison and evaluation on Static Application Security Testing (SAST) tools for Java
by: LI, Kaixuan, et al.
Published: (2023)

Enhancing code vulnerability detection via vulnerability-preserving data augmentation
by: LIU, Shangqing, et al.
Published: (2024)

THE ASSESSMENT OF THE QUALITY OF WATER RESOURCES IN NORTHERN THAILAND: TOWARDS SAFE DRINKING-WATER ACCESS FOR VULNERABLE POPULATIONS
by: CHUAH CHONG JOON
Published: (2016)

EXPLORING A TRANSDIAGNOSTIC COGNITIVE VULNERABILITY TO INTERNALIZING SYMPTOMS IN ADOLESCENTS
by: RUTH POH YI NING
Published: (2019)

Learning Extended FSA from Software: An Empirical Assessment
by: LO, David, et al.
Published: (2012)

Finding RESTful API vulnerabilities using ChatGPT
by: Ho, Kenneth Jun Minn
Published: (2024)