Please use this identifier to cite or link to this item:
Title: Predicting common web application vulnerabilities from input validation and sanitization code patterns
Authors: Shar, Lwin Khin
Tan, Hee Beng Kuan
Keywords: DRNTU::Engineering::Electrical and electronic engineering
Issue Date: 2012
Source: Shar, L. K., & Tan, H. B. K. (2012). Predicting common web application vulnerabilities from input validation and sanitization code patterns. Proceedings of the 27th IEEE/ACM International Conference on Automated Software Engineering - ASE 2012.
Abstract: Software defect prediction studies have shown that defect predictors built from static code attributes are useful and effective. On the other hand, to mitigate the threats posed by common web application vulnerabilities, many vulnerability detection approaches have been proposed. However, finding alternative solutions to address these risks remains an important research problem. As web applications generally adopt input validation and sanitization routines to prevent web security risks, in this paper, we propose a set of static code attributes that represent the characteristics of these routines for predicting the two most common web application vulnerabilities—SQL injection and cross site scripting. In our experiments, vulnerability predictors built from the proposed attributes detected more than 80% of the vulnerabilities in the test subjects at low false alarm rates.
DOI: 10.1145/2351676.2351733
Rights: © 2012 ACM.
Fulltext Permission: none
Fulltext Availability: No Fulltext
Appears in Collections:EEE Conference Papers

Citations 5

Updated on Feb 1, 2023

Page view(s) 50

Updated on Feb 1, 2023

Google ScholarTM




Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.