Benchmarking Approach to Compare Web Applications Static Analysis Tools Detecting OWASP Top Ten Security Vulnerabilities
نویسندگان
چکیده
منابع مشابه
Static analysis for detecting taint-style vulnerabilities in web applications
The number and the importance of web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated solutions has become evident. In this paper, we address the problem of vulnerable web applications ...
متن کاملEfficient Design of Static Analysis Tool for Detecting Web Vulnerabilities
The number and the importance of web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error prone and costly, the need for automated solutions has become evident. Many web applications written in ASP suffer from injection vulnerabil...
متن کاملFinding Security Vulnerabilities in Java Applications with Static Analysis
This report proposes a static analysis technique for detecting many recently discovered application vulnerabilities such as SQL injections, cross-site scripting, and HTTP splitting attacks. These vulnerabilities stem from unchecked input, which is widely recognized as the most common source of security vulnerabilities in Web applications. We propose a static analysis approach based on a scalabl...
متن کاملDetecting Security Vulnerabilities in Web Applications Using Dynamic Analysis with Penetration Testing
The number of reported web application vulnerabilities is increasing dramatically. The most of vulnerabilities result from improper input validation. This paper presents extensions to the Tainted Mode model which allows intermodule vulnerabilities detection. Besides, this paper presents a new approach to vulnerability analysis which incorporates advantages of penetration testing and dynamic ana...
متن کاملStatic Detection of Second-Order Vulnerabilities in Web Applications
Web applications evolved in the last decades from simple scripts to multi-functional applications. Such complex web applications are prone to different types of security vulnerabilities that lead to data leakage or a compromise of the underlying web server. So called secondorder vulnerabilities occur when an attack payload is first stored by the application on the web server and then later on u...
متن کاملذخیره در منابع من
با ذخیره ی این منبع در منابع من، دسترسی به آن را برای استفاده های بعدی آسان تر کنید
ژورنال
عنوان ژورنال: Computers, Materials & Continua
سال: 2020
ISSN: 1546-2226
DOI: 10.32604/cmc.2020.010885