Improving the Identification of Actual Input Manipulation Vulnerabilities
Author
Abstract
This paper proposes an automated, white-box security testing framework to identify true input manipulation vulnerabilities that can reduce warnings generated by static analysis tools or automated black-box testing tools.
Similar resources
SQLUnitGen: Test Case Generation for SQL Injection Detection
More than half of all of the vulnerabilities reported can be classified as input manipulation, such as SQL injection, cross site scripting, and buffer overflows. Increasingly, automated static analysis tools are being used to identify input manipulation vulnerabilities. However, these tools cannot detect the presence or the effectiveness of black or white list input filters and, therefore, may ...
SQLUnitGen: SQL Injection Testing Using Static and Dynamic Analysis
This paper proposes an approach to facilitate the identification of actual input manipulation vulnerabilities via automated testing based on static analysis. We implemented a prototype of a SQL injection vulnerability detection tool, SQLUnitGen, which we compared to a static analysis tool, FindBugs. The evaluation results show that our approach can be used to locate precise vulnerable locations...
Distillation Column Identification Using Artificial Neural Network
Abstract: In this paper, Artificial Neural Network (ANN) was used for modeling the nonlinear structure of a debutanizer column in a refinery gas process plant. The actual input-output data of the system were measured in order to be used for system identification based on root mean square error (RMSE) minimization approach. It was shown that the designed recurrent neural network is able to pr...
Improving penetration testing through static and dynamic analysis
Penetration testing is widely used to help ensure the security of web applications. Using penetration testing, testers discover vulnerabilities by simulating attacks on a target web application. To do this efficiently, testers rely on automated techniques that gather input vector information about the target web application and analyze the application’s responses to determine whether an attack ...
Automata-based Model Counting String Solver
Most common vulnerabilities in Web applications are due to string manipulation errors in input validation and sanitization code. String constraint solvers are essential components of program analysis techniques for detecting and repairing vulnerabilities that are due to string manipulation errors. For quantitative and probabilistic program analyses [1], [2], [3], [4], checking the satisfiabilit...