Data-flow based vulnerability analysis and Java']Java bytecode

The security of information systems has been the focus because of network applications. Vulnerability analysis is widely used to evaluate the security of a system to assure system security. With the help of vulnerability analysis, the security risk of a system can be predicted so that the countermeasures are arranged in advance. These will promote system security effectively. The object of vulnerability analysis is to find out the unknown security holes in a system. It could be helpful to understand the characteristics of security holes and to assess the security risk of a system. Data-flow based analysis shows its predominance in vulnerability analysis because the vulnerability is data-flow dependent. The paper discusses how to use data-flow analysis in vulnerability analysis. The way to apply data-flow analysis in Java bytecode vulnerability analyzing is presented.