A static backward taint data analysis method for detecting web application vulnerabilities

Yan, Xiao-Bo; Ma, Hengtai; Wang, Qingxian

doi:10.1109/iccsn.2017.8230288

Cited by 5 publications

(6 citation statements)

References 4 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…Many studies use static code analysis [14] in general and taint analysis [15] in particular to detect web application vulnerabilities. IDE plugins, such as [16], use static code analysis approaches to help developers identify vulnerabilities when writing their code.…”

Section: Methodsmentioning

confidence: 99%

Critical Understanding of Security Vulnerability Detection Plugin Evaluation Reports

Beba

Karlsen

et al. 2021

2021 28th Asia-Pacific Software Engineering Conference (APSEC)

View full text Add to dashboard Cite

Integrated development environment (IDE) plugins aimed at detecting web application security vulnerabilities can help developers create secure applications in the first place. Most of such IDE plugins use static source code analysis approaches. Although several empirical studies evaluated the plugins and compared their precision and recall of detecting web application security, few follow-up studies tried to understand the evaluation results. We analyzed more than 20,000 vulnerability reports based on 7,215 distinct test cases spanning 11 categories of web application vulnerabilities to understand the evaluation results of three open-source IDE plugins, namely, SpotBugs, FindSecBugs, and Early Security Vulnerability Detector (ESVD), which aimed at detecting security vulnerabilities of Java-based web applications. Our results identify many factors besides the source code analysis approach that can dramatically bias the detection performance. Based on our insights, we improved the studied plugins. In addition, our study raises the alarm that, without solid root cause analyses, the evaluation and comparisons of security vulnerability detection approaches and tools could be misleading. Thus, we proposed a guideline on reporting the evaluation results of the security vulnerability detection approaches.Index Terms-Software security, Source code analysis, Vulnerability detection, Empirical study, Root cause analysis• First, we provide insights on issues and solutions of implementing taint analysis-based security vulnerability detection tools. Some of the insights can also be generalized to other types of static source code analysis-based vulnerability detectors. • A more significant contribution is that our deep under-

show abstract

Section: Methodsmentioning

confidence: 99%

Critical Understanding of Security Vulnerability Detection Plugin Evaluation Reports

Beba

Karlsen

et al. 2021

2021 28th Asia-Pacific Software Engineering Conference (APSEC)

View full text Add to dashboard Cite

show abstract

“…• Match Fingerprint with Elements Extracted from a Model (MFM). WAVD methods in this category [6,7,11,12,23,52,53,55,60,61,64,69,71,76,77,80,81,86,108,142,145,147,150] usually begin by deriving models, e.g., CFG, DDG, AST, browsing behavior models, navigation graphs, and navigation paths. The WAVD approaches then traverse the model to extract code elements to compare with known fingerprints.…”

Section: The Classifications Of Wavd Approachesmentioning

confidence: 99%

“…The WAVD approaches then traverse the model to extract code elements to compare with known fingerprints. For example, Yan et al [12] implemented a backward variable tracing algorithm to all trace variables along all paths in AST, CFG, CG for taint analysis, which determines whether sanitization functions have sanitized a variable before the value of the variable is used in sink functions. Dahse et al [61] also built AST, CFG, and DF first and then performed backward-directed taint analysis.…”

Section: The Classifications Of Wavd Approachesmentioning

confidence: 99%

“…• Using taint analysis solely, e.g., [12,64,81], may result in a high false-positive rate because many paths of web applications are unreachable from static analysis. When the unreachable path behavior conforms to the vulnerability behavior, it is misclassified as vulnerable, which results in high FPRs.…”

Section: 31mentioning

confidence: 99%

“…Web application vulnerabilities have also been classified into three high-level categories: input validation (IPV) vulnerability, session management (SM) vulnerability, and application logic (AL) vulnerability [3,4,37]. To detect vulnerabilities, many approaches, e.g., static code analysis [2,11], taint analysis [12], white box [13], machine learning approaches [14], fuzz testing [10,17], penetration testing [18], and dynamic monitoring [19,24], have been proposed.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Efficiency and Effectiveness of Web Application Vulnerability Detection Approaches: A Review

et al. 2021

View full text Add to dashboard Cite

Most existing surveys and reviews on web application vulnerability detection (WAVD) approaches focus on comparing and summarizing the approaches’ technical details. Although some studies have analyzed the efficiency and effectiveness of specific methods, there is a lack of a comprehensive and systematic analysis of the efficiency and effectiveness of various WAVD approaches. We conducted a systematic literature review (SLR) of WAVD approaches and analyzed their efficiency and effectiveness. We identified 105 primary studies out of 775 WAVD articles published between January 2008 and June 2019. Our study identified 10 categories of artifacts analyzed by the WAVD approaches and 8 categories of WAVD meta-approaches for analyzing the artifacts. Our study’s results also summarized and compared the effectiveness and efficiency of different WAVD approaches on detecting specific categories of web application vulnerabilities and which web applications and test suites are used to evaluate the WAVD approaches. To our knowledge, this is the first SLR that focuses on summarizing the effectiveness and efficiencies of WAVD approaches. Our study results can help security engineers choose and compare WAVD tools and help researchers identify research gaps.

show abstract

Knowledge Graph Based Semi-automatic Code Auditing System

Hongji

Chen

2019

Science of Cyber Security

View full text Add to dashboard Cite

A static backward taint data analysis method for detecting web application vulnerabilities

Cited by 5 publications

References 4 publications

Critical Understanding of Security Vulnerability Detection Plugin Evaluation Reports

Critical Understanding of Security Vulnerability Detection Plugin Evaluation Reports

Efficiency and Effectiveness of Web Application Vulnerability Detection Approaches: A Review

Knowledge Graph Based Semi-automatic Code Auditing System

Contact Info

Product

Resources

About