Finding Security Vulnerabilities in Java Web Applications with Test Generation and Dynamic Taint Analysis

Cited by: 0
Authors
Huang, Yu-Yu [1]
Chen, Kung [1]
Chiang, Shang-Lung [1]
Affiliation
[1] Natl Chengchi Univ, Dept Comp Sci, Taipei, Taiwan
Source
PROCEEDINGS OF THE 2011 2ND INTERNATIONAL CONGRESS ON COMPUTER APPLICATIONS AND COMPUTATIONAL SCIENCE, VOL 2 | 2012 / Vol. 145
Keywords
DOI
Not available
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification code
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
This paper investigates how to combine techniques of static and dynamic analysis for finding security vulnerabilities in Java web applications. We present a hybrid analyzer that employs test case generation and dynamic taint analysis to achieve the goal of no false negatives and reduced false positives.
Pages: 133 / 138
Page count: 6
Related papers
50 in total
  • [1] Finding security vulnerabilities in Java applications with static analysis
    Livshits, VB
    Lam, MS
    USENIX ASSOCIATION PROCEEDINGS OF THE 14TH USENIX SECURITY SYMPOSIUM, 2005, : 271 - 286
  • [2] Type-Based Taint Analysis for Java Web Applications
    Huang, Wei
    Dong, Yao
    Milanova, Ana
    FUNDAMENTAL APPROACHES TO SOFTWARE ENGINEERING, FASE 2014, 2014, 8411 : 140 - 154
  • [3] Statically scanning Java Code: Finding security vulnerabilities
    Viega, J
    McGraw, G
    Mutdosch, T
    Felten, EW
    IEEE SOFTWARE, 2000, 17 (05) : 68 - +
  • [4] Assisting Programmers Resolving Vulnerabilities in Java Web Applications
    Bathia, Pranjal
    Beerelli, Bharath Reddy
    Laverdiere, Marc-Andre
    ADVANCED COMPUTING, PT III, 2011, 133 : 268 - 279
  • [5] Static detection of logic vulnerabilities in Java web applications
    Fang, Zhejun
    Zhang, Yuqing
    Kong, Ying
    Liu, Qixu
    SECURITY AND COMMUNICATION NETWORKS, 2014, 7 (03) : 519 - 531
  • [6] Dynamic taint propagation for Java
    Haldar, V
    Chandra, D
    Franz, M
    21st Annual Computer Security Applications Conference, Proceedings, 2005, : 274 - 282
  • [7] Automated Test Case Generation for Java EE Based Web Applications
    Fuchs, Andreas
    TESTS AND PROOFS, TAP 2018, 2018, 10889 : 167 - 176
  • [8] WebRTS: A Dynamic Regression Test Selection Tool for Java Web Applications
    Long, Zhenyue
    Ao, Zeliu
    Wu, Guoquan
    Chen, Wei
    Wei, Jun
    2020 IEEE INTERNATIONAL CONFERENCE ON SOFTWARE MAINTENANCE AND EVOLUTION (ICSME 2020), 2020, : 822 - 825
  • [9] Dynamic Symbolic Execution for the Analysis of Web Server Applications in Java
    Balasubramanian, Daniel
    Zhang, Zhenkai
    McDermet, Dan
    Karsai, Gabor
    SAC '19: PROCEEDINGS OF THE 34TH ACM/SIGAPP SYMPOSIUM ON APPLIED COMPUTING, 2019, : 2178 - 2185
  • [10] LAPSE plus Static Analysis Security Software: Vulnerabilities Detection in Java EE Applications
    Martin Perez, Pablo
    Filipiak, Joanna
    Maria Sierra, Jose
    FUTURE INFORMATION TECHNOLOGY, PT 1, 2011, 184 : 148 - 156