Removal of Web Application Vulnerabilities using Taint Analyzer and Code Corrector

Shafaque Fatma Syed, Aamir Ahmed, G. D'Mello, Zeeshan Ansari
Published in: 2019 International Conference on Nascent Technologies in Engineering (ICNTE), publication date 2019-01-01
DOI: 10.1109/ICNTE44896.2019.8945976 (https://doi.org/10.1109/ICNTE44896.2019.8945976)

Abstract

Security has recently been a challenging aspect of web development. A failure to secure a web application may lead to its complete destruction or may cause some loss to the user or the owner. To tackle this, a great deal of research on how to secure web apps has been going on for quite some time, yet achieving security today remains very difficult and no less than a challenge for web applications. All of these problems come down to vulnerable or faulty source code written in languages such as PHP. Static Source Code Analysis (SCSA) tools offer a way to detect vulnerabilities, but they tend to report vulnerabilities that are actually false positives, which leads to excess code re-examination. The proposed system will tackle this current situation of SCSA. This will be achieved by adding two modules to SCSA, namely Taint Analysis and a False Positive Predictor, which will respectively detect vulnerable code and segregate the truly vulnerable code from false positives. The proposed system will be used by web application programmers during testing of a web application.