Browse wiki

From Navigators

Jump to: navigation, search
Publication:ISSTA 2016
Abstract The state of web security remains troublin The state of web security remains troubling as web applications continue to be favorite targets of hackers. Static analysis tools are important mechanisms for programmers to deal with this problem as they search for vulnerabilities automatically in the application source code, allowing programmers to remove them. However, developing these tools requires explicitly coding knowledge about how to discover each kind of vulnerability. This paper presents a new approach in which static analysis tools learn to detect vulnerabilities automatically using machine learning. The approach uses a sequence model to learn to characterize vulnerabilities based on a set of annotated source code slices. This model takes into consideration the order in which the code elements appear and are executed in the slices. The model created can then be used as a static analysis tool to discover and identify vulnerabilities in source code. The approach was implemented in the DEKANT tool and evaluated experimentally with a set of open source PHP applications and WordPress plugins, finding 16 zero-day vulnerabilities. ugins, finding 16 zero-day vulnerabilities.
Author Ibéria Medeiros + , Nuno Ferreira Neves + , Miguel Correia +
Booktitle Proceedings of the International Symposium on Software Testing and Analysis (ISSTA)  +
Document Document for Publication-ISSTA 2016.pdf +
Key ISSTA 2016  +
Month jul  +
NumPubDate 2,016.07  +
Project Project:SEGRID +
ResearchLine Fault and Intrusion Tolerance in Open Distributed Systems (FIT) +
Title DEKANT: A Static Analysis Tool that Learns to Detect Web Application Vulnerabilities  +
Type inproceedings  +
Year 2016  +
Has improper value forThis property is a special property in this wiki. Url  +
Categories Publication  +
Modification dateThis property is a special property in this wiki. 13 November 2016 22:15:08  +
hide properties that link here 
  No properties link to this page.
 

 

Enter the name of the page to start browsing from.
Views
Personal tools
Toolbox
Navigators toolbox