Proceedings of the 2017 11th Joint Meeting on Foundations of Software Engineering 2017
DOI: 10.1145/3106237.3122822
JoanAudit: a tool for auditing common injection vulnerabilities

Abstract: JoanAudit is a static analysis tool that assists security auditors in auditing Web applications and Web services for common injection vulnerabilities during software development. It automatically identifies the parts of the program code that are relevant for security and generates an HTML report that guides auditors through the source code in a scalable way. JoanAudit is configured with various security-sensitive input sources and sinks relevant to injection vulnerabilities and standard sanitization procedures th…
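As an added illustration of the source/sink/sanitizer bookkeeping the abstract describes (this is not JoanAudit's code; the catalogue entries, the statement format and the sample program are all constructed here, with hypothetical method names modelled on Java servlet sources and JDBC/XPath sinks), the toy analysis below propagates taint through straight-line statements, reports each sink reached by unsanitized input, and collects the lines an auditor would need to read. It also shows the caveat a practitioner cares about: a sanitizer only neutralises the vulnerability class it was written for, so SQL escaping does not make a value safe for an XPath sink.

```python
from dataclasses import dataclass

# Constructed catalogue (hypothetical names). A real tool reads these from
# configuration; each sink and sanitizer is tagged with a vulnerability class.
SOURCES = {"request.getParameter", "request.getHeader"}
SINKS = {"stmt.executeQuery": "SQLi", "xpath.evaluate": "XPathi"}
SANITIZERS = {"escapeSql": "SQLi", "escapeXPath": "XPathi"}


@dataclass(frozen=True)
class Stmt:
    line: int
    target: str   # variable assigned, or "" for a call whose result is unused
    call: str     # method invoked
    args: tuple   # variable names passed as arguments


def analyze(program):
    """Return (findings, audit_lines).

    findings: sorted list of (sink_line, vuln_class, source_line) for tainted
              data reaching a sink without the matching sanitizer.
    audit_lines: sorted lines on some source-to-sink path, i.e. the slice an
              auditor should read (other lines can be skipped).
    """
    # var -> list of (origin_line, frozenset of sanitizer classes applied,
    #                 tuple of lines the value passed through)
    taint = {}
    findings = set()
    audit_lines = set()
    for s in program:
        if s.call in SOURCES:
            if s.target:
                taint[s.target] = [(s.line, frozenset(), (s.line,))]
            continue
        incoming = [rec for a in s.args for rec in taint.get(a, [])]
        if s.call in SINKS:
            vuln = SINKS[s.call]
            for origin, sanitized, trace in incoming:
                if vuln not in sanitized:          # wrong or missing sanitizer
                    findings.add((s.line, vuln, origin))
                    audit_lines.update(trace + (s.line,))
            continue
        if not s.target:
            continue
        if not incoming:
            taint.pop(s.target, None)              # reassignment from clean data
            continue
        extra = frozenset({SANITIZERS[s.call]}) if s.call in SANITIZERS else frozenset()
        taint[s.target] = [(o, san | extra, tr + (s.line,)) for o, san, tr in incoming]
    return sorted(findings), sorted(audit_lines)


# Constructed sample program in the toy statement format.
SAMPLE = [
    Stmt(10, "name", "request.getParameter", ("p_name",)),
    Stmt(11, "q1", "concat", ("name",)),
    Stmt(12, "", "stmt.executeQuery", ("q1",)),     # SQLi: raw input in query
    Stmt(13, "safe", "escapeSql", ("name",)),
    Stmt(14, "q2", "concat", ("safe",)),
    Stmt(15, "", "stmt.executeQuery", ("q2",)),     # sanitized for SQLi: clean
    Stmt(16, "", "xpath.evaluate", ("safe",)),      # XPathi: SQL escaping is no help
    Stmt(17, "const", "literal", ()),
    Stmt(18, "", "stmt.executeQuery", ("const",)),  # no tainted input: clean
]

if __name__ == "__main__":
    found, lines = analyze(SAMPLE)
    for sink_line, vuln, origin in found:
        print(f"line {sink_line}: {vuln} from source at line {origin}")
    print("lines to audit:", lines)
```

Running the block reports the SQL sink on line 12 and the XPath sink on line 16 (both fed from the source on line 10) and a slice of five lines out of nine; the sanitized query on line 15 and the constant query on line 18 are left out of the report, which is the scalability point the abstract makes.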

Cited by 10 publications (3 citation statements)
References 36 publications

Citation statements:
“…Little research [140]-[143] is found regarding XPath. Researchers [140] and [141] both use static analysis. Thomé et al. [140] proposed a method to reduce the slice that is extracted by a tool in source code analysis.…”
Section: State-of-the-art Research Of Xpath Injection Solutions (citation type: mentioning)
confidence: 99%
“…However, their method only enhances the slice but does not verify vulnerabilities. Later, Thomé et al. extended this work in [141], where they suggested a tool called JoanAudit that works by data flow analysis to detect and fix common injection vulnerabilities such as XSS, SQLi, XMLi, XPathi, and LDAPi in Java web systems. This tool slices sensitive lines and sinks of code that need to be audited regarding security checks.…”
Section: State-of-the-art Research Of Xpath Injection Solutions (citation type: mentioning)
confidence: 99%
“…The catalog demonstrates different language syntax elements of fluentTQL and how they can be used for specifying vulnerabilities. The Java examples and the SM are manually collected from several sources including the Mitre (Mitre, 2020b) and OWASP (OWASP, 2020b) databases, the OWASP benchmark project (OWASP, 2020a), and other publicly available SM lists (Arzt et al., 2013; Brooke, 2013; Piskachev et al., 2019; Thomé et al., 2017).…”
Section: RQ3 Expressiveness (citation type: mentioning)
confidence: 99%