Browse wiki

From Navigators

Jump to: navigation, search
Publication:DSNa 2016
Abstract Although security starts to be taken into Although security starts to be taken into account during software development, the tendency for source code to contain vulnerabilities persists. Open source static analysis tools provide a sensible approach to mitigate this problem. However, these tools are programmed to detect a specific set of vulnerabilities and they are often difficult to extend to detect new ones. WAP is a recent popular open source tool that detects vulnerabilities in the source code of web applications written in PHP. The paper addresses the difficulty of extending these tools by proposing a modular and extensible version of the WAP tool, equipping it with “weapons” to detect (and correct) new vulnerability classes. The new version of the tool was evaluated with seven new vulnerability classes using web applications and plugins of the widely-adopted WordPress content management system. The experimental results show that this extensibility allows WAP to find many new (zeroday) vulnerabilities. o find many new (zeroday) vulnerabilities.
Author Ibéria Medeiros + , Nuno Ferreira Neves + , Miguel Correia +
Booktitle Proceedings of the International Conference on Dependable Systems and Networks (DSN)  +
Document Document for Publication-DSNa 2016.pdf +
Key DSNa 2016  +
Month jun  +
NumPubDate 2,016.06  +
Project Project:SEGRID +
ResearchLine Fault and Intrusion Tolerance in Open Distributed Systems (FIT) +
Title Equipping WAP with Weapons to Detect Vulnerabilities  +
Type inproceedings  +
Year 2016  +
Has improper value forThis property is a special property in this wiki. Url  +
Categories Publication  +
Modification dateThis property is a special property in this wiki. 5 June 2016 08:03:06  +
hide properties that link here 
  No properties link to this page.
 

 

Enter the name of the page to start browsing from.
Views
Personal tools
Toolbox
Navigators toolbox