“Equipping WAP with Weapons to Detect Vulnerabilities”
From Navigators
(Difference between revisions)
(Created page with "{{Publication |type=inproceedings |document=Document for Publication-DSNa 2016.pdf |title=Equipping WAP with Weapons to Detect Vulnerabilities |author=Ibéria Medeiros, Nuno Neve...") |
|||
| Line 3: | Line 3: | ||
|document=Document for Publication-DSNa 2016.pdf | |document=Document for Publication-DSNa 2016.pdf | ||
|title=Equipping WAP with Weapons to Detect Vulnerabilities | |title=Equipping WAP with Weapons to Detect Vulnerabilities | ||
| - | |author=Ibéria Medeiros, Nuno Neves, Miguel Correia, | + | |author=Ibéria Medeiros, Nuno Ferreira Neves, Miguel Correia, |
| - | |Project=Project:SEGRID, | + | |Project=Project:SEGRID, |
|ResearchLine=Fault and Intrusion Tolerance in Open Distributed Systems (FIT) | |ResearchLine=Fault and Intrusion Tolerance in Open Distributed Systems (FIT) | ||
|month=jun | |month=jun | ||
| Line 24: | Line 24: | ||
show that this extensibility allows WAP to find many new (zeroday) | show that this extensibility allows WAP to find many new (zeroday) | ||
vulnerabilities. | vulnerabilities. | ||
| - | |||
|booktitle=Proceedings of the International Conference on Dependable Systems and Networks (DSN) | |booktitle=Proceedings of the International Conference on Dependable Systems and Networks (DSN) | ||
}} | }} | ||
Latest revision as of 08:03, 5 June 2016
Ibéria Medeiros, Nuno Ferreira Neves, Miguel Correia
in Proceedings of the International Conference on Dependable Systems and Networks (DSN), Jun. 2016.
Abstract: Although security starts to be taken into account during software development, the tendency for source code to contain vulnerabilities persists. Open source static analysis tools provide a sensible approach to mitigate this problem. However, these tools are programmed to detect a specific set of vulnerabilities and they are often difficult to extend to detect new ones. WAP is a recent popular open source tool that detects vulnerabilities in the source code of web applications written in PHP. The paper addresses the difficulty of extending these tools by proposing a modular and extensible version of the WAP tool, equipping it with “weapons” to detect (and correct) new vulnerability classes. The new version of the tool was evaluated with seven new vulnerability classes using web applications and plugins of the widely-adopted WordPress content management system. The experimental results show that this extensibility allows WAP to find many new (zeroday) vulnerabilities.
Download paper
Download Equipping WAP with Weapons to Detect Vulnerabilities
Export citation
Project(s): Project:SEGRID
Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)
