Browse wiki

From Navigators

Jump to: navigation, search
Publication:EDCC2020 CodingStyles
Abstract Web application security has become paramo Web application security has become paramount for the organisation's operation, and therefore, static analysis tools (SAT) for vulnerability detection have been widely researched in the last years. Nevertheless, SATs often generate errors (false positives & negatives), whose cause is recurrently associated with very diverse coding styles, i.e., similar functionality is implemented in distinct manners, and programming practices that create ambiguity, such as the reuse and share of variables. The paper presents an analysis of SAT's behaviour and results when they process various relevant web applications coded with different coding styles. Furthermore, it discusses if the SQL injection vulnerabilities detected by SATs as true positives are really exploitable. Our results demonstrate that SATs are built having in mind how to detect specific vulnerabilities, without considering such forms of programming. They call to action for a new generation of SATs that are highly malleable to be capable of processing the codes observed in the wild. processing the codes observed in the wild.
Author Ibéria Medeiros + , Nuno Ferreira Neves +
Booktitle In Proceedings of the European Dependable Computing Conference (EDCC)  +
Key EDCC2020 CodingStyles  +
Month sep  +
NumPubDate 2,020.09  +
Project Project:SEAL +
ResearchLine Fault and Intrusion Tolerance in Open Distributed Systems (FIT) +
Title Effect of Coding Styles in Detection of Web Application Vulnerabilities  +
Type inproceedings  +
Year 2020  +
Has improper value forThis property is a special property in this wiki. Url  +
Categories Publication  +
Modification dateThis property is a special property in this wiki. 2 August 2020 16:24:08  +
hide properties that link here 
  No properties link to this page.


Enter the name of the page to start browsing from.
Personal tools
Navigators toolbox