Browse wiki

Publication:EDCC2020 CodingStyles
Abstract Web application security has become paramount for the organisation's operation, and therefore, static analysis tools (SAT) for vulnerability detection have been widely researched in the last years. Nevertheless, SATs often generate errors (false positives & negatives), whose cause is recurrently associated with very diverse coding styles, i.e., similar functionality is implemented in distinct manners, and programming practices that create ambiguity, such as the reuse and share of variables. The paper presents an analysis of SAT's behaviour and results when they process various relevant web applications coded with different coding styles. Furthermore, it discusses if the SQL injection vulnerabilities detected by SATs as true positives are really exploitable. Our results demonstrate that SATs are built having in mind how to detect specific vulnerabilities, without considering such forms of programming. They call to action for a new generation of SATs that are highly malleable to be capable of processing the codes observed in the wild.
Author Ibéria Medeiros + , Nuno Ferreira Neves +
Booktitle In Proceedings of the European Dependable Computing Conference (EDCC)  +
Key EDCC2020 CodingStyles  +
Month sep  +
NumPubDate 2,020.09  +
Project Project:SEAL +
ResearchLine Fault and Intrusion Tolerance in Open Distributed Systems (FIT) +
Title Effect of Coding Styles in Detection of Web Application Vulnerabilities  +
Type inproceedings  +
Year 2020  +
Has improper value for Url  +
Categories Publication  +
Modification date 2 August 2020 16:24:08  +