“Equipping WAP with Weapons to Detect Vulnerabilities”

From Navigators

Jump to: navigation, search

Ibéria Medeiros, Nuno Ferreira Neves, Miguel Correia

in Proceedings of the International Conference on Dependable Systems and Networks (DSN), Jun. 2016.

Abstract: Although security starts to be taken into account during software development, the tendency for source code to contain vulnerabilities persists. Open source static analysis tools provide a sensible approach to mitigate this problem. However, these tools are programmed to detect a specific set of vulnerabilities and they are often difficult to extend to detect new ones. WAP is a recent popular open source tool that detects vulnerabilities in the source code of web applications written in PHP. The paper addresses the difficulty of extending these tools by proposing a modular and extensible version of the WAP tool, equipping it with “weapons” to detect (and correct) new vulnerability classes. The new version of the tool was evaluated with seven new vulnerability classes using web applications and plugins of the widely-adopted WordPress content management system. The experimental results show that this extensibility allows WAP to find many new (zeroday) vulnerabilities.

Download paper

Download Equipping WAP with Weapons to Detect Vulnerabilities

Export citation

BibTeX

Project(s): Project:SEGRID

Research line(s): Fault and Intrusion Tolerance in Open Distributed Systems (FIT)

Personal tools
Navigators toolbox