Context: SQL injection (SQLI) and cross-site scripting (XSS) have been the two most common and serious web application vulnerabilities for the past decade. To mitigate these two security threats, many vulnerability detection approaches based on static and dynamic taint analysis techniques have been proposed. Alternatively, there are also vulnerability prediction approaches based on machine learning techniques, which have shown that static code attributes such as code complexity measures are cheap and useful predictors. However, current prediction approaches target general vulnerabilities, and most of them locate vulnerable code only at the software component or file level. Some approaches also rely on process attributes that are often difficult to measure.

Objective: This paper aims to provide an alternative or complementary solution to existing taint analyzers by proposing static code attributes that can be used to predict which specific program statements, rather than which software components, are likely to be vulnerable to SQLI or XSS.

Method: From observations of the input sanitization code that is commonly implemented in web applications to avoid SQLI and XSS vulnerabilities, we propose a set of static code attributes that characterize such code patterns. We then build vulnerability prediction models from historical information that reflects the proposed static attributes together with known vulnerability data, and use them to predict SQLI and XSS vulnerabilities.

Results: We developed a prototype tool called PhpMinerI for data collection and used it to evaluate our models on eight open source web applications. Our best model achieved an average of 93% recall and 11% false alarm rate in predicting SQLI vulnerabilities, and 78% recall and 6% false alarm rate in predicting XSS vulnerabilities.

Conclusion: The experimental results show that our proposed vulnerability predictors are useful and effective at predicting SQLI and XSS vulnerabilities.