Abstract
|
Although security starts to be taken into account
during software development, the tendency for source code to
contain vulnerabilities persists. Open source static analysis tools
provide a sensible approach to mitigate this problem. However,
these tools are programmed to detect a specific set of vulnerabilities
and they are often difficult to extend to detect new ones. WAP
is a recent popular open source tool that detects vulnerabilities
in the source code of web applications written in PHP. The paper
addresses the difficulty of extending these tools by proposing a
modular and extensible version of the WAP tool, equipping it with
“weapons” to detect (and correct) new vulnerability classes. The
new version of the tool was evaluated with seven new vulnerability
classes using web applications and plugins of the widely-adopted
WordPress content management system. The experimental results
show that this extensibility allows WAP to find many new (zero-day)
vulnerabilities.
|
Author
|
Ibéria Medeiros +
, Nuno Ferreira Neves +
, Miguel Correia +
|
Booktitle
|
Proceedings of the International Conference on Dependable Systems and Networks (DSN) +
|
Document
|
Document for Publication-DSNa 2016.pdf +
|
Key
|
DSNa 2016 +
|
Month
|
jun +
|
NumPubDate
|
2,016.06 +
|
Project
|
Project:SEGRID +
|
ResearchLine
|
Fault and Intrusion Tolerance in Open Distributed Systems (FIT) +
|
Title
|
Equipping WAP with Weapons to Detect Vulnerabilities +
|
Type
|
inproceedings +
|
Year
|
2016 +
|
Has improper value for
|
Url +
|
Categories |
Publication +
|
Modification date
|
5 June 2016 08:03:06 +
|