Points-to analysis in almost linear time
POPL '96 Proceedings of the 23rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Parametric shape analysis via 3-valued logic
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
JFlow: practical mostly-static information flow control
Proceedings of the 26th ACM SIGPLAN-SIGACT symposium on Principles of programming languages
A static analyzer for finding dynamic programming errors
Software—Practice & Experience
A system and language for building system-specific, static analyses
PLDI '02 Proceedings of the ACM SIGPLAN 2002 Conference on Programming language design and implementation
Writing Secure Code
SQL Server Security
Tracking pointers with path and context sensitivity for bug detection in C programs
Proceedings of the 9th European software engineering conference held jointly with 11th ACM SIGSOFT international symposium on Foundations of software engineering
The Common Language Infrastructure Annotated Standard
The Common Language Infrastructure Annotated Standard
Securing web application code by static analysis and runtime protection
Proceedings of the 13th international conference on World Wide Web
Cloning-based context-sensitive pointer alias analysis using binary decision diagrams
Proceedings of the ACM SIGPLAN 2004 conference on Programming language design and implementation
Static Checking of Dynamically Generated Queries in Database Applications
Proceedings of the 26th International Conference on Software Engineering
IEEE Security and Privacy
Java(TM) Developer's Guide to Eclipse, The (2nd Edition)
Java(TM) Developer's Guide to Eclipse, The (2nd Edition)
IEEE Security and Privacy
Finding application errors and security flaws using PQL: a program query language
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
Detecting format string vulnerabilities with type qualifiers
SSYM'01 Proceedings of the 10th conference on USENIX Security Symposium - Volume 10
Finding user/kernel pointer bugs with type inference
SSYM'04 Proceedings of the 13th conference on USENIX Security Symposium - Volume 13
StackGuard: automatic adaptive detection and prevention of buffer-overflow attacks
SSYM'98 Proceedings of the 7th conference on USENIX Security Symposium - Volume 7
Finding application errors and security flaws using PQL: a program query language
OOPSLA '05 Proceedings of the 20th annual ACM SIGPLAN conference on Object-oriented programming, systems, languages, and applications
AMNESIA: analysis and monitoring for NEutralizing SQL-injection attacks
Proceedings of the 20th IEEE/ACM international Conference on Automated software engineering
The essence of command injection attacks in web applications
Conference record of the 33rd ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Data-centric security: role analysis and role typestates
Proceedings of the eleventh ACM symposium on Access control models and technologies
Preventing SQL injection attacks using AMNESIA
Proceedings of the 28th international conference on Software engineering
Precise alias analysis for static detection of web application vulnerabilities
Proceedings of the 2006 workshop on Programming languages and analysis for security
Using positive tainting and syntax-aware evaluation to counter SQL injection attacks
Proceedings of the 14th ACM SIGSOFT international symposium on Foundations of software engineering
Proceedings of the 2007 ACM symposium on Applied computing
Sound and precise analysis of web applications for injection vulnerabilities
Proceedings of the 2007 ACM SIGPLAN conference on Programming language design and implementation
Large-scale analysis of format string vulnerabilities in Debian Linux
Proceedings of the 2007 workshop on Programming languages and analysis for security
Using web application construction frameworks to protect against code injection attacks
Proceedings of the 2007 workshop on Programming languages and analysis for security
ABASH: finding bugs in bash scripts
Proceedings of the 2007 workshop on Programming languages and analysis for security
Using Automated Fix Generation to Secure SQL Statements
SESS '07 Proceedings of the Third International Workshop on Software Engineering for Secure Systems
Preventing injection attacks with syntax embeddings
GPCE '07 Proceedings of the 6th international conference on Generative programming and component engineering
Type qualifier inference for java
Proceedings of the 22nd annual ACM SIGPLAN conference on Object-oriented programming systems and applications
An analysis of browser domain-isolation bugs and a light-weight transparent defense mechanism
Proceedings of the 14th ACM conference on Computer and communications security
CANDID: preventing sql injection attacks using dynamic candidate evaluations
Proceedings of the 14th ACM conference on Computer and communications security
Multi-module vulnerability analysis of web-based applications
Proceedings of the 14th ACM conference on Computer and communications security
Dynamic pharming attacks and locked same-origin policies for web browsers
Proceedings of the 14th ACM conference on Computer and communications security
Securing web applications with static and dynamic information flow tracking
PEPM '08 Proceedings of the 2008 ACM SIGPLAN symposium on Partial evaluation and semantics-based program manipulation
End-to-end web application security
HOTOS'07 Proceedings of the 11th USENIX workshop on Hot topics in operating systems
SIF: enforcing confidentiality and integrity in web applications
SS'07 Proceedings of 16th USENIX Security Symposium on USENIX Security Symposium
SQL-IDS: a specification-based approach for SQL-injection detection
Proceedings of the 2008 ACM symposium on Applied computing
Static detection of cross-site scripting vulnerabilities
Proceedings of the 30th international conference on Software engineering
A state coverage tool for JUnit
Companion of the 30th international conference on Software engineering
Static path conditions for Java
Proceedings of the third ACM SIGPLAN workshop on Programming languages and analysis for security
Spectator: detection and containment of JavaScript worms
ATC'08 USENIX 2008 Annual Technical Conference on Annual Technical Conference
Vigilante: End-to-end containment of Internet worm epidemics
ACM Transactions on Computer Systems (TOCS)
On automated prepared statement generation to remove SQL injection vulnerabilities
Information and Software Technology
Context-Sensitive Relevancy Analysis for Efficient Symbolic Execution
APLAS '08 Proceedings of the 6th Asian Symposium on Programming Languages and Systems
The MOBIUS Proof Carrying Code Infrastructure
Formal Methods for Components and Objects
An empirical security study of the native code in the JDK
SS'08 Proceedings of the 17th conference on Security symposium
Static analysis for inference of explicit information flow
Proceedings of the 8th ACM SIGPLAN-SIGSOFT workshop on Program analysis for software tools and engineering
SQLProb: a proxy-based architecture towards preventing SQL injection attacks
Proceedings of the 2009 ACM symposium on Applied Computing
Specification Mining with Few False Positives
TACAS '09 Proceedings of the 15th International Conference on Tools and Algorithms for the Construction and Analysis of Systems: Held as Part of the Joint European Conferences on Theory and Practice of Software, ETAPS 2009,
Merlin: specification inference for explicit information flow problems
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
TAJ: effective taint analysis of web applications
Proceedings of the 2009 ACM SIGPLAN conference on Programming language design and implementation
Automatic creation of SQL Injection and cross-site scripting attacks
ICSE '09 Proceedings of the 31st International Conference on Software Engineering
Protecting Database Centric Web Services against SQL/XPath Injection Attacks
DEXA '09 Proceedings of the 20th International Conference on Database and Expert Systems Applications
Improving application security with data flow assertions
Proceedings of the ACM SIGOPS 22nd symposium on Operating systems principles
Ripley: automatically securing web 2.0 applications through replicated execution
Proceedings of the 16th ACM conference on Computer and communications security
Finding bugs in exceptional situations of JNI programs
Proceedings of the 16th ACM conference on Computer and communications security
Intrusion detection using signatures extracted from execution profiles
IWSESS '09 Proceedings of the 2009 ICSE Workshop on Software Engineering for Secure Systems
CANDID: Dynamic candidate evaluations for automatic prevention of SQL injection attacks
ACM Transactions on Information and System Security (TISSEC)
Fine-grained privilege separation for web applications
Proceedings of the 19th international conference on World wide web
Preventing injection attacks with syntax embeddings
Science of Computer Programming
Towards security testing with taint analysis and genetic algorithms
Proceedings of the 2010 ICSE Workshop on Software Engineering for Secure Systems
Efficient, context-sensitive detection of real-world semantic attacks
PLAS '10 Proceedings of the 5th ACM SIGPLAN Workshop on Programming Languages and Analysis for Security
Static and dynamic analysis for web security in industry applications
International Journal of Electronic Security and Digital Forensics
Static analysis for detecting taint-style vulnerabilities in web applications
Journal of Computer Security
GATEKEEPER: mostly static enforcement of security and reliability policies for javascript code
SSYM'09 Proceedings of the 18th conference on USENIX security symposium
Dartmouth internet security testbed (DIST: building a campus-wide wireless testbed
CSET'09 Proceedings of the 2nd conference on Cyber security experimentation and test
Model checking graph representation of precise boolean inter-procedural flow analysis
Proceedings of the IEEE/ACM international conference on Automated software engineering
NoTamper: automatic blackbox detection of parameter tampering opportunities in web applications
Proceedings of the 17th ACM conference on Computer and communications security
Eliminating human specification in static analysis
RAID'10 Proceedings of the 13th international conference on Recent advances in intrusion detection
Toward automated detection of logic vulnerabilities in web applications
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
VEX: vetting browser extensions for security vulnerabilities
USENIX Security'10 Proceedings of the 19th USENIX conference on Security
WebAppArmor: a framework for robust prevention of attacks on web applications
ICISS'10 Proceedings of the 6th international conference on Information systems security
Coverage criteria for automatic security testing of web applications
ICISS'10 Proceedings of the 6th international conference on Information systems security
SessionShield: lightweight protection against session hijacking
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Security sensitive data flow coverage criterion for automatic security testing of web applications
ESSoS'11 Proceedings of the Third international conference on Engineering secure software and systems
Code-motion for API migration: fixing SQL injection vulnerabilities in Java
Proceedings of the 4th Workshop on Refactoring Tools
Analyzing inter-application communication in Android
MobiSys '11 Proceedings of the 9th international conference on Mobile systems, applications, and services
Path- and index-sensitive string analysis based on monadic second-order logic
Proceedings of the 2011 International Symposium on Software Testing and Analysis
Saving the world wide web from vulnerable JavaScript
Proceedings of the 2011 International Symposium on Software Testing and Analysis
GuardRails: a data-centric web application security framework
WebApps'11 Proceedings of the 2nd USENIX conference on Web application development
Practical elimination of external interaction vulnerabilities in web applications
Journal of Web Engineering
Towards client-side HTML security policies
HotSec'11 Proceedings of the 6th USENIX conference on Hot topics in security
Vulnerability extrapolation: assisted discovery of vulnerabilities using machine learning
WOOT'11 Proceedings of the 5th USENIX conference on Offensive technologies
Fast and precise sanitizer analysis with BEK
SEC'11 Proceedings of the 20th USENIX conference on Security
Static detection of access control vulnerabilities in web applications
SEC'11 Proceedings of the 20th USENIX conference on Security
A study of android application security
SEC'11 Proceedings of the 20th USENIX conference on Security
Preventing web application injections with complementary character coding
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
A systematic analysis of XSS sanitization in web application frameworks
ESORICS'11 Proceedings of the 16th European conference on Research in computer security
CryptDB: protecting confidentiality with encrypted query processing
SOSP '11 Proceedings of the Twenty-Third ACM Symposium on Operating Systems Principles
Fear the EAR: discovering and mitigating execution after redirect vulnerabilities
Proceedings of the 18th ACM conference on Computer and communications security
Context-sensitive auto-sanitization in web templating languages using type qualifiers
Proceedings of the 18th ACM conference on Computer and communications security
SCRIPTGARD: automatic context-sensitive sanitization for large-scale legacy web applications
Proceedings of the 18th ACM conference on Computer and communications security
F4F: taint analysis of framework-based web applications
Proceedings of the 2011 ACM international conference on Object oriented programming systems languages and applications
Model checking dataflow for malicious input
WESS '11 Proceedings of the Workshop on Embedded Systems Security
ASIDE: IDE support for web application security
Proceedings of the 27th Annual Computer Security Applications Conference
Using datalog with binary decision diagrams for program analysis
APLAS'05 Proceedings of the Third Asian conference on Programming Languages and Systems
Automated removal of cross site scripting vulnerabilities in web applications
Information and Software Technology
Automatically preparing safe SQL queries
FC'10 Proceedings of the 14th international conference on Financial Cryptography and Data Security
Idea: towards architecture-centric security analysis of software
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Secure code generation for web applications
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
Idea: using system level testing for revealing SQL injection-related error message information leaks
ESSoS'10 Proceedings of the Second international conference on Engineering Secure Software and Systems
DroidChecker: analyzing android applications for capability leak
Proceedings of the fifth ACM conference on Security and Privacy in Wireless and Mobile Networks
Quo vadis? a study of the evolution of input validation vulnerabilities in web applications
FC'11 Proceedings of the 15th international conference on Financial Cryptography and Data Security
Hunting application-level logical errors
ESSoS'12 Proceedings of the 4th international conference on Engineering Secure Software and Systems
Mitigating program security vulnerabilities: Approaches and challenges
ACM Computing Surveys (CSUR)
An empirical analysis of input validation mechanisms in web applications and languages
Proceedings of the 27th Annual ACM Symposium on Applied Computing
Towards a taint mode for cloud computing web applications
Proceedings of the 7th Workshop on Programming Languages and Analysis for Security
Automated detection of client-state manipulation vulnerabilities
Proceedings of the 34th International Conference on Software Engineering
A taint mode for python via a library
NordSec'10 Proceedings of the 15th Nordic conference on Information Security Technology for Applications
Type-Based enforcement of secure programming guidelines -- code injection prevention at SAP
FAST'11 Proceedings of the 8th international conference on Formal Aspects of Security and Trust
Benchmarking cloud security level agreements using quantitative policy trees
Proceedings of the 2012 ACM Workshop on Cloud computing security workshop
Leveraging "choice" to automate authorization hook placement
Proceedings of the 2012 ACM conference on Computer and communications security
CHEX: statically vetting Android apps for component hijacking vulnerabilities
Proceedings of the 2012 ACM conference on Computer and communications security
THAPS: automated vulnerability scanning of PHP applications
NordSec'12 Proceedings of the 17th Nordic conference on Secure IT Systems
Generalized vulnerability extrapolation using abstract syntax trees
Proceedings of the 28th Annual Computer Security Applications Conference
Towards fully automatic placement of security sanitizers and declassifiers
POPL '13 Proceedings of the 40th annual ACM SIGPLAN-SIGACT symposium on Principles of programming languages
Static vulnerability detection in Java service-oriented components
Journal in Computer Virology
ANDROMEDA: accurate and scalable security analysis of web applications
FASE'13 Proceedings of the 16th international conference on Fundamental Approaches to Software Engineering
EARs in the wild: large-scale analysis of execution after redirect vulnerabilities
Proceedings of the 28th Annual ACM Symposium on Applied Computing
Finding your way in the testing jungle: a learning approach to web security testing
Proceedings of the 2013 International Symposium on Software Testing and Analysis
Composing polymorphic information flow systems with reference immutability
Proceedings of the 15th Workshop on Formal Techniques for Java-like Programs
Practical information flow for legacy web applications
Proceedings of the 8th Workshop on Implementation, Compilation, Optimization of Object-Oriented Languages, Programs and Systems
Practical static analysis of JavaScript applications in the presence of frameworks and libraries
Proceedings of the 2013 9th Joint Meeting on Foundations of Software Engineering
Information and Software Technology
Chucky: exposing missing checks in source code for vulnerability discovery
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Diglossia: detecting code injection attacks with precision and efficiency
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
deDacota: toward preventing server-side XSS via automatic code and data separation
Proceedings of the 2013 ACM SIGSAC conference on Computer & communications security
Path- and index-sensitive string analysis based on monadic second-order logic
ACM Transactions on Software Engineering and Methodology (TOSEM) - Testing, debugging, and error handling, formal methods, lifecycle concerns, evolution and maintenance
Information and Software Technology
A survey on server-side approaches to securing web applications
ACM Computing Surveys (CSUR)
Risks induced by Web applications on smart cards
Journal of Information Security and Applications
| Hi-index | 0.00 |
This paper proposes a static analysis technique for detecting many recently discovered application vulnerabilities such as SQL injections, cross-site scripting, and HTTP splitting attacks. These vulnerabilities stem from unchecked input, which is widely recognized as the most common source of security vulnerabilities in Web applications. We propose a static analysis approach based on a scalable and precise points-to analysis. In our system, user-provided specifications of vulnerabilities are automatically translated into static analyzers. Our approach finds all vulnerabilities matching a specification in the statically analyzed code. Results of our static analysis are presented to the user for assessment in an auditing interface integrated within Eclipse, a popular Java development environment. Our static analysis found 29 security vulnerabilities in nine large, popular open-source applications, with two of the vulnerabilities residing in widely-used Java libraries. In fact, all but one application in our benchmark suite had at least one vulnerability. Context sensitivity, combined with improved object naming, proved instrumental in keeping the number of false positives low. Our approach yielded very few false positives in our experiments: in fact, only one of our benchmarks suffered from false alarms.