Predicting SQL injection and cross site scripting vulnerabilities through mining input sanitization patterns

Predicting SQL injection and cross site scripting vulnerabilities through mining input sanitization patterns

ContextSQL injection (SQLI) and cross site scripting (XSS) are the two most common and serious web application vulnerabilities for the past decade. To mitigate these two security threats, many vulnerability detection approaches based on static and dynamic taint analysis techniques have been proposed...

Full description

Saved in:

Bibliographic Details
Main Authors:	SHAR, Lwin Khin, TAN, Hee Beng Kuan
Format:	text
Language:	English
Published:	Institutional Knowledge at Singapore Management University 2013
Subjects:	Vulnerability prediction Data mining Web application vulnerability Input sanitization Static code attributes Empirical study Data Storage Systems Software Engineering
Online Access:	https://ink.library.smu.edu.sg/sis_research/4896 https://ink.library.smu.edu.sg/context/sis_research/article/5899/viewcontent/Predicting___PV.pdf
Tags:	Add Tag No Tags, Be the first to tag this record!
Institution:	Singapore Management University
Language:	English

Similar Items

Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
by: SHAR, Lwin Khin, et al.
Published: (2012)

Predicting common web application vulnerabilities from input validation and sanitization code patterns
by: SHAR, Lwin Khin, et al.
Published: (2012)

Mining SQL injection and cross site scripting vulnerabilities using hybrid program analysis
by: SHAR, Lwin Khin, et al.
Published: (2013)

Towards a hybrid framework for detecting input manipulation vulnerabilities
by: DING, Sun, et al.
Published: (2013)

Security slicing for auditing XML, XPath, and SQL injection vulnerabilities
by: THOME, Julian, et al.
Published: (2015)

Web application vulnerability prediction using hybrid program analysis and machine learning
by: SHAR, Lwin Khin, et al.
Published: (2014)

Semi-automated verification of defense against SQL injection in web applications
by: LIU, Kaiping, et al.
Published: (2012)

Automated removal of cross site scripting vulnerabilities in web applications
by: SHAR, Lwin Khin, et al.
Published: (2011)

Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
by: Shar, Lwin Khin, et al.
Published: (2013)

Defending against cross site scripting attacks
by: SHAR, Lwin Khin, et al.
Published: (2011)

An empirical study of blockchain system vulnerabilities: modules, types, and patterns
by: YI, Xiao, et al.
Published: (2022)

Security slicing for auditing common injection vulnerabilities
by: THOME, Julian, et al.
Published: (2017)

Auditing the defense against cross site scripting in web applications
by: SHAR, Lwin Khin, et al.
Published: (2010)

JoanAudit: A tool for auditing common injection vulnerabilities
by: THOME, Julian, et al.
Published: (2017)

An integrated approach for effective injection vulnerability analysis of web applications through security slicing and hybrid constraint solving
by: THOME, Julian, et al.
Published: (2018)

Towards practical binary code similarity detection: vulnerability verification via patch semantic analysis
by: Yang, Shouguo, et al.
Published: (2024)

Combining Software Metrics and Text Features for Vulnerable File Prediction
by: ZHANG, Yun, et al.
Published: (2015)

CoLeFunDa: Explainable silent vulnerability fix identification
by: ZHOU, Jiayuan, et al.
Published: (2023)

On-the-fly Android static analysis with applications in vulnerability discovery
by: WU, Daoyuan
Published: (2019)

Search-driven string constraint solving for vulnerability detection
by: THOME, Julian, et al.
Published: (2017)

Predicting common web application vulnerabilities from input validation and sanitization code patterns
by: Shar, Lwin Khin, et al.
Published: (2013)

Automatic vulnerability detection and repair
by: MA, Siqi
Published: (2018)

Finding real world software vulnerabilities using ChatGPT
by: Wong, Sean Chun Foh
Published: (2024)

Mining patterns of unsatisfiable constraints to detect infeasible paths
by: DING, Sun, et al.
Published: (2015)

Defeating SQL injection
by: SHAR, Lwin Khin, et al.
Published: (2012)

SoFi: Reflection-augmented fuzzing for JavaScript engines
by: HE, Xiaoyu, et al.
Published: (2021)

UCRF: static analyzing firmware to generate under-constrained seed for fuzzing SOHO router
by: Qin, Chuan, et al.
Published: (2023)

A model for multi-criterion disaster vulnerability assessment of economic systems: Implications for Vietnam's bioethanol policy
by: Yu, Krista Danielle S., et al.
Published: (2016)

Mitigating SQL injection and cross site scripting vulnerabilities using program analysis and data mining techniques
by: Shar, Lwin Khin
Published: (2013)

Enhancing code vulnerability detection via vulnerability-preserving data augmentation
by: LIU, Shangqing, et al.
Published: (2024)

EXPLORING A TRANSDIAGNOSTIC COGNITIVE VULNERABILITY TO INTERNALIZING SYMPTOMS IN ADOLESCENTS
by: RUTH POH YI NING
Published: (2019)

A closer look at the security risks in the Rust ecosystem
by: ZHENG, Xiaoye, et al.
Published: (2023)

Vulnerability assessment of Tsunami affected tourism community: a case study of Koh Phi Phi, Thailand.
by: Kannapa Pongponrat
Published: (2015)

Finding RESTful API vulnerabilities using ChatGPT
by: Ho, Kenneth Jun Minn
Published: (2024)

Trans-boundary variations of urban drought vulnerability and its impact on water resource management in Singapore and Johor, Malaysia
by: Chuah, Chong Joon, et al.
Published: (2019)

Spatial heterogeneous of ecological vulnerability in arid and semi-arid area: A case of the Ningxia Hui autonomous region, China
by: Li, R., et al.
Published: (2021)

Simulation-based vulnerability assessment in transit systems with cascade failures
by: Chen, Hongyu, et al.
Published: (2022)

Remote sensing and GIS-based flood vulnerability assessment of human settlements: A case study of Gangetic West Bengal, India
by: Sanyal, J., et al.
Published: (2011)

Automated removal of cross site scripting vulnerabilities in web applications
by: Shar, Lwin Khin, et al.
Published: (2013)

Software composition analysis for vulnerability detection: An empirical study on Java projects
by: ZHAO, Lida, et al.
Published: (2023)