Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
A testing framework for Web application security assessment
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
Precise alias analysis for static detection of web application vulnerabilities
Proceedings of the 2006 workshop on Programming languages and analysis for security
Automatic generation of XSS and SQL injection attacks with goal-directed model checking
SS'08 Proceedings of the 17th conference on Security symposium
A testing framework for Web application security assessment
Computer Networks: The International Journal of Computer and Telecommunications Networking - Web security
An automatic meta-revised mechanism for anti-malicious injection
NBiS'07 Proceedings of the 1st international conference on Network-based information systems
Static analysis for detecting taint-style vulnerabilities in web applications
Journal of Computer Security
Checking enforcement of integrity constraints in database applications based on code patterns
Journal of Systems and Software
ASIDE: IDE support for web application security
Proceedings of the 27th Annual Computer Security Applications Conference
Program analysis scenarios in rascal
WRLA'12 Proceedings of the 9th international conference on Rewriting Logic and Its Applications
Extracting EFSMs of web applications for formal requirements specification
SAFECOMP'12 Proceedings of the 31st international conference on Computer Safety, Reliability, and Security
| Hi-index | 0.00 |
The authors describe the use of bounded modelchecking (BMC) for verifying Web application code.Vulnerable sections of code are patched automaticallywith runtime guards, allowing both verification andassurance to occur without user intervention. Modelchecking techniques are relatively complex compared tothe typestate-based polynomial-time algorithm (TS) weadopted in an earlier paper, but they offer threebenefits-they provide counterexamples, more precisemodels, and sound and complete verification. Comparedto conventional model checking techniques, BMC offers amore practical approach to verifying programscontaining large numbers of variables, but requires fixedprogram diameters to be complete. Formalizing Webapplication vulnerabilities as a secure information flowproblem with fixed diameter allows for BMC applicationwithout drawback. Using BMC-producedcounterexamples, errors that result from propagations ofthe same initial error can be reported as a single grouprather than individually. This offers two distinct benefits.First, together with the counterexamples themselves, theyallow for more descriptive and precise error reports.Second, it allows for automated patching at locationswhere errors are initially introduced rather than atlocations where the propagated errors cause problems.Results from a TS-BMC comparison test using 230 open-sourceWeb applications showed a 41.0% decrease inruntime instrumentations when BMC was used. In the 38vulnerable projects identified by TS, BMC classified theTS-reported 980 individual errors into 578 groups, witheach group requiring a minimal set of patches for repair.