Static analysis for discovering IoT vulnerabilities

Efficient Design of Static Analysis Tool for Detecting Web Vulnerabilities

The number and the importance of web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error prone and costly, the need for automated solutions has become evident. Many web applications written in ASP suffer from injection vulnerabil...

Static analysis for detecting taint-style vulnerabilities in web applications

The number and the importance of web applications have increased rapidly over the last years. At the same time, the quantity and impact of security vulnerabilities in such applications have grown as well. Since manual code reviews are time-consuming, error-prone and costly, the need for automated solutions has become evident. In this paper, we address the problem of vulnerable web applications ...

Fixing the average internet user’s IoT Vulnerabilities

For the last couple of years, the Internet of Things (IoT) has grown rapidly. Often, the objects connected to the IoT contain security vulnerabilities, which can be exploited to perform Distributed Denial of Service (DDoS) attacks. The problem is that most of these devices are owned by non-technical skilled users which do not know their devices are comprised and, if known, do not know how to ac...

Effective Management of Static Analysis Vulnerabilities and Defects

Finding Security Vulnerabilities in Java Applications with Static Analysis

This report proposes a static analysis technique for detecting many recently discovered application vulnerabilities such as SQL injections, cross-site scripting, and HTTP splitting attacks. These vulnerabilities stem from unchecked input, which is widely recognized as the most common source of security vulnerabilities in Web applications. We propose a static analysis approach based on a scalabl...