Please use this identifier to cite or link to this item:
https://hdl.handle.net/10356/99523
Title: Mining input sanitization patterns for predicting SQL injection and cross site scripting vulnerabilities
Authors: Shar, Lwin Khin; Tan, Hee Beng Kuan
Keywords: DRNTU::Engineering::Electrical and electronic engineering
Issue Date: 2012
Conference: International Conference on Software Engineering (34th : 2012 : Zurich, Switzerland)
Abstract: Static code attributes such as lines of code and cyclomatic complexity have been shown to be useful indicators of defects in software modules. As web applications adopt input sanitization routines to prevent web security risks, static code attributes that represent the characteristics of these routines may be useful for predicting web application vulnerabilities. In this paper, we classify various input sanitization methods into different types and propose a set of static code attributes that represent these types. Then we use data mining methods to predict SQL injection and cross site scripting vulnerabilities in web applications. Preliminary experiments show that our proposed attributes are important indicators of such vulnerabilities.
URI: https://hdl.handle.net/10356/99523
     http://hdl.handle.net/10220/12857
DOI: 10.1109/ICSE.2012.6227096
Schools: School of Electrical and Electronic Engineering
Fulltext Permission: none
Fulltext Availability: No Fulltext
Appears in Collections: EEE Conference Papers
Items in DR-NTU are protected by copyright, with all rights reserved, unless otherwise indicated.